INDEPENDENT IDENTITY GOVERNANCE

Who’s reviewing Identity Management?

Problem

Identity and Identity Management Systems are at the centre of most organisations’ security and IT operations.

However, it’s almost impossible to find an organisation where every system or database is being managed through the central IDM. The reality is that the modern IT environment is complex, and many legacy or in-house applications were never designed for external administration. As a result, application owners and team leaders are left with an incomplete understanding of how access management is applied across the organisation.

In this context, a one-system approach to IDM/IGA doesn’t provide the flexibility and governance organisations need.

‘We have a complex environment, we’ve grown through acquisitions, and we allow most of those businesses to continue with many of their applications’ says the security lead for an insurance services company that uses RightCrowd IQ.

A combination of operational security awareness and growing audit scrutiny prompted the organization to address the issue. ‘We’d seen scenarios, where access had been revoked and a rogue automation script reinstated the access overnight. Without independent Identity Governance we wouldn’t have picked this up.’

Solution

RightCrowd IQ focuses on auditing and analysing who has access to your systems and critical information. Users can instantly assess the health of access compliance across your business and quickly determine where further investigation or remediation is required.

RightCrowd IQ was deployed to provide four primary IGA capabilities:

  1. Simplify data collection – automating the collection and correlation of access data from disparate sources
  2. Visualize access in a holistic way – so that team leaders and applications owners could see who has access to what across all systems, not just those governed by the central IDM
  3. Make compliance relevant – leverage real-time data to make more effective decisions
  4. Improve policy compliance outcomes – actively manage the environment and demonstrate the improvement

Benefits

The main benefit of independent Identity Governance is flexible visibility of how access management policies are applied across the enterprise environment. ‘The IDM does what its configured to do, and if the policy isn’t being applied properly, it can’t tell you. Compliance is a non-negotiable, that’s why we decided to go for independent IGA.’

The other benefits of RightCrowd IQ included:

  • Legacy and in-house systems – collect and correlate access data, for systems not integrated into the IDM
  • Policy compliance – independently review how access management policies were being applied across the environment
  • Identify risks – near real-time access rights data to identify, poor practice and rogue automation
  • Improved compliance outcomes – actively demonstrate to auditors and the Board that critical compliance issues are being managed