Identity Blog

All you need to know about Identity and Access Management.

Only 15% of Security Functionality is Actually Used!

Identity & Access Management

There is a growing consensus among industry experts that enterprise security teams have too many tools. A number of studies and surveys put the number of tools used by enterprise security teams at between 40 and 60. Each tool presents its own set of challenges and adds risk, as people need to be trained to implement and manage it.

According to our security experts, most of these tools are not fully utilised. In fact, some of them have less than 15% of their full potential realised. Examples include Identity Governance platforms like SailPoint, Saviynt, Omada, Oracle and IBM IAM Suite of products. These tools have a vast array of functionality built into them.

Typically, the main areas are:

1. Access Request, where employees and managers can request the addition or removal of permissions on different systems.

2. A Joiner/Mover/Leaver (JML) system, which detects when new employees join and grants them relevant access based on their job roles, then manages the addition or removal of their access when they move roles within the company or eventually leave it.

3. An Access Certification platform, where all of the access that people have on enterprise systems is periodically reviewed and certified by people managers or application owners.

4. A Separation of Duties (SoD) platform, which detects conflicting access that employees and contractors currently have across the applications used by the enterprise. The SoD platform also stops conflicting access from being granted by highlighting it at the request stage.
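The two SoD behaviours in item 4, a detective scan of existing access and a preventive check at the request stage, can be sketched as follows. This is an added example, not code from any of the products named above; the rule names, applications, permissions and users are all constructed for illustration.

```python
# Constructed sample data: entitlements are (application, permission) pairs.
# All names below are hypothetical, not taken from any IGA product.
SOD_RULES = [
    # (rule name, side A, side B): holding any of A with any of B is a conflict
    ("create-vendor vs pay-vendor",
     {("ERP", "vendor.create")}, {("Payments", "payment.approve")}),
    ("develop vs deploy",
     {("Git", "repo.write")}, {("CI", "prod.deploy")}),
]

# Current access per identity, as a connector aggregation might return it.
ACCESS = {
    # alice moved teams and kept her old access
    "alice": {("ERP", "vendor.create"), ("Payments", "payment.approve")},
    "bob": {("Git", "repo.write")},
    "carol": {("CI", "prod.deploy"), ("ERP", "vendor.create")},
}


def violations(entitlements):
    """Return names of SoD rules that a set of entitlements violates."""
    return [name for name, side_a, side_b in SOD_RULES
            if entitlements & side_a and entitlements & side_b]


def detect_conflicts(access):
    """Detective control: scan every identity's existing access."""
    found = {user: violations(ents) for user, ents in access.items()}
    return {user: rules for user, rules in found.items() if rules}


def check_request(access, user, requested):
    """Preventive control: evaluate a request before it is granted.

    Returns (allowed, new_violations). Only conflicts the request would
    introduce are reported, so pre-existing ones do not mask the result.
    """
    current = access.get(user, set())
    before = set(violations(current))
    after = violations(current | {requested})
    new = [rule for rule in after if rule not in before]
    return (not new, new)


if __name__ == "__main__":
    print(detect_conflicts(ACCESS))
    print(check_request(ACCESS, "bob", ("CI", "prod.deploy")))
    print(check_request(ACCESS, "bob", ("ERP", "vendor.create")))
```

Both checks only see applications whose entitlements have been aggregated, so a conflict that spans an application that was never onboarded goes undetected.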

To grant and remove access across systems, these platforms have hundreds of integrations, called connectors, that need to be set up, first to bring in the required data and then to manage access to those systems. In addition, businesses require reporting, dashboards and so on, which are common use cases across all enterprise applications.

In theory, all critical enterprise applications should go through periodic access review and, as such, should be integrated with (onboarded to) the IAM system. To drive the maximum value out of JML processes, it is key to have integrations, at a minimum, to all systems that a user requires access to as soon as they join the company. A few examples are key systems like Active Directory for desktop/laptop login, email etc.

What’s the Reality?

Most organisations end up onboarding AD for account creation. They may then add email account creation and some critical applications. In our conversations with many organisations, we find that they tend to have hundreds of applications that need to be onboarded for JML, certification and separation of duties checks: applications where users have accumulated access over the years as they have moved within the organisation, but where there is very little visibility. Most Identity programs fail to move beyond onboarding a small set of critical applications.

This is in line with our analysis, where only 15% of actual functionality is being used. Based on a survey report published by SailPoint, one of the leading IAM providers, most customers are still at ground level 1. The survey further highlights that even mature companies have governance gaps, covering less than 70% of identities.

VentureBeat quoted Gartner’s State of IAM talk from 2023 as saying that enterprises have an average IAM maturity score of 2.4 out of 5.

The reasons are plenty: everything from complexity, enterprise processes and budget constraints to a lack of skilled resources to undertake the work. A lot has been written about the shortage of skills required to staff security teams. These staffing and skills gaps severely impact IAM projects, as companies cannot get the staff required to operate the IAM platforms and onboard the subsequent applications.

We can help!

At Identity Centric, we believe that security is paramount to an enterprise’s existence in the digital world. We offer low cost, fixed price bundles which do not require long term commitment. We also offer “ready to deploy” content for your IAM tools, SOAR and SIEM platforms. While each customer is unique and has their own set of requirements, there is a broader set of common functionalities that can be pre-built and customised to the customer’s requirements during implementation. These platforms have been around long enough to have a level of maturity so that pre-built content can be deployed rapidly with small modifications.

We are aiming to revolutionise how enterprises engage with Service Providers. Tell us what you need; we quite likely have a fixed price bundle for that. We aim to keep our costs low and to pass on the savings to our customers.

Identity Centric have a team of highly experienced IAM professionals available to support you through your IAM journey. Connect with one of our experts at sales@identitycentric.com

