For an IGA solution, among plethora of capabilities, the following are table stakes - event-driven/resource-owner/orphaned-account/manager-based reviews, multi-level approval access requests with sequential/parallel/quorum-based approvals, customized forms for various Request types, remediation of SOD control violations. While this ensures that we have an apparatus to manage basic governance processes, it retains the administrative burden. Organizations are spending lot of resources on same set of activities and vendors are building same set of capabilities as before. The continuous adornment around these features is decelerating innovation in this space. The focal point instead should be around pruning the expanse of governance activities while not compromising on security or compliance objectives. The call to lighten the load on the line of business has never been louder. The key questions that management and stakeholders must answer are as follows:
Inferences and prescriptions are arrived at by using methodologies that will help us build and train a knowledgeable system. Such a system will have learning algorithms to analyze data and changes and develop Policies for timely, accurate and reduced governance activities. Though not essential, if an organization has modeled Roles, when Policies are amalgamated with Roles, it creates a very potent, labor-saving manifesto for IGA.
There is also a joint Webinar on this topic with KuppingerCole on 30th November 2023. Click here to Register.