Nathan Augustyn
16 March 2023
Over the past couple of years, South Africa has been hit by a few high-profile cyberattacks against some of the largest organizations in the country including government departments. During the same period, South Africa was also found to be amongst the top 10 countries to have experienced cybercrime, according to research by cybersecurity company Surfshark.
With more people in the country gaining access to digital devices one can bet that cybercrime will continue to increase, and it’s time to start implementing identity governance.
What is Identity Governance?
Identity Governance is the enabling processes and technologies that allow organizations to know who has access to what, how the access can be used, and if that access complies with policy.
Identity Governance and Administration (IGA) and Identity and Access Management (IAM) are two words that are often wrongly used interchangeably; however, IGA is a larger umbrella term that refers to the processes that allow organizations to monitor and ensure that people’s identities and security rights are managed properly. Whereas IAM, still an umbrella term, can be regarded as a component of IGA and relates to users’ digital identities and access rights, more specifically the technology resources used to manage such.
How to find the right Identity Governance Solution
One article isn’t enough to write a comprehensive description of all the aspects of Identity Governance, however, this should start giving you a better picture and perhaps give you a few ideas to research further.
Here are a few tips on finding the right Identity Governance Solution:
- Catalogue and map out your architecture to gain a clear picture of all the asset and resource identities your organisation uses. Ensure whatever solution you settle on has the capability to integrate with the various resources.
- Work closely with HR and department heads to detail the various roles in your organization and the necessary privileges and access required for staff to perform their duties. Many Identity Governance solutions have the capability to provision or de-provision resources based on specific roles within the organization. This compliments your “JML” (joiner, mover, leaver) processes.
- Depending on the size of your organisation and the complexity of your architecture perhaps consider a solution that has automated role-mining capabilities. This uses pattern-matching and peer-group analysis to discover collections of similar access and outliers.
- Clearly define your security and compliance policies as it’ll make it easier to configure these in your solutions.
- Consider your recertification processes, as this will form part of your Identity Governance processes. Depending on requirements, most modern solutions provide AI / predictive-driven or event-based certification capabilities.
- Lastly, take a pragmatic approach and consider splitting the implementation of the solution into incremental steps.
Enterprise IAM Solutions
Instead of settling for a point solution, or “bolt-on” solution rather have a look at the plethora of off-the-shelf solutions out there. Gartner would be a good starting point.
Most modern IAM solutions provide the necessary tools to cover the full scope of how we see Identity Management today. These include, but are not necessarily limited to:
- Authentication: often confused with authorization, but essentially refers to the validation of who you are.
- Authorization: authorization on the other hand has to do with your privileges i.e., what you’re allowed to do.
- Administration: administration in the context of an IAM solution refers to configuration management and controls.
- Analysis: analysis refers to the security insights that can be gained from usage data, assignments, and configurations through means of data collection and processing.
- Audit: auditing capabilities are a significant part of any identity management system. Whether you’re overlaying controls to meet compliance requirements or creating system-driven lifecycle management functions that have verifiable control proofs.
Identity Governance at Integrove
Here at Integrove, we take security seriously. Let us help you gather the requirements and understand the full scope of the solution you need, so that you don’t leave any weaknesses in your organisation for hackers to take advantage of.