Identity governance and administration (IGA) is a critical part of modern business. It’s one of the single most important pieces of creating and balancing a productive and secure work environment. With a reputation like that, IGA should be the star of the show. Yet, for many, it’s simply a box to check or an afterthought. Perhaps that’s why so many IGA programs fail. But there’s no time like the present to turn it around and start realizing true business value from your identity solution.
Make no mistake, running a successful IGA program requires effort. That effort, when done right, can both protect and accelerate your business. At a time when data is both a prized asset and a potential liability, IGA is the key to safeguarding one and unlocking the other. So, as you embark on your IGA journey, consider these five common roadblocks to a successful identity program and how you can flip the script.
1.) Unrealistic Expectations
Whether its vendors overselling their capabilities or the belief that Rome was built in a day, unrealistic expectations are bound to leave you disappointed. The most impactful way to demonstrate progress is to show broad value to a large audience immediately. When you consider a time not too long ago when you had to spend 30 minutes on the phone with the HelpDesk to reset your password, this isn’t as hard as it may sound. Set up your IGA initiative, deploy it, make it widely available, and above all, make sure it makes work easier for users. When employees understand and see the value in new processes, it can help facilitate more complex IT projects where the results may not be as visible.
2.) Forced Change
You may not have been in the market to upgrade your legacy on-prem IGA solution, but what if your vendor is migrating to the cloud? Even in the name of digital transformation, a massive tech overhaul can feel like anything but an improvement. So, do you grin and bear it or seek out another IGA solution entirely? While it seems daunting, choosing a new IGA solution can be a strategic opportunity to streamline productivity and strengthen security. Those who choose the latter approach should explore leveraging their existing IT competencies and tech stack to see if there’s a solution that works with their current systems and processes.
3.) Poor Support
Many identity vendors address the high cost of deployment and management by offering SaaS versions of their application. But these solutions lack feature parity with previous solutions, and are less customizable and functional due to cloud architecture. This means if you’re forced to upgrade, you’re also forced to adjust business processes to fit what’s available in the new solution. When you run your IGA program on your existing business platform, you remove the need to choose between security, flexibility, and maintenance. This approach provides not only a common user interface (UI) across a variety of IT and business areas, but a strong cloud architecture and streamlined workflows.
4.) Biting Off More than You Can Chew
The average business uses 371 SaaS applications (Productiv). The role of IGA is to maintain security and minimize risk of said apps. Yet, few have full connectors to bring them into your IGA solution. Instead, most are managed by IT Service Management (ITSM) processes or outside IT altogether. Not only is this a huge undertaking, but it leaves organizational silos and security gaps. Automating IGA tasks can help streamline efforts to ensure all applications are under governance in one single system or platform. By coupling IGA and ITSM with automated workflows, IT teams can bridge once disconnected systems and better manage all enterprise applications.
5.) Politics
Tale as old as time: a new executive comes in and brings their preferred team and vendors with them. This isn’t always a bad thing, but consideration must be given to how this fits into an existing organizational framework. Ripping and replacing for the sake of making your mark can lead to frustrated employees and unproductive processes that equate to more headaches than results. Be intentional about the solutions you choose—especially identity ones, which touch every aspect and person involved with your business.
The failure of IGA programs can be attributed to a variety of factors. Without proper alignment with business objectives, ineffective implementation, and a lack of immediate value-add, IGA initiatives will continue struggling to gain traction and deliver the intended benefits. To address these challenges and maximize the success of identity programs, organizations must get real about their expectations, plan strategically, be adaptable to change, and go one step at a time. By addressing the common IGA missteps, organizations can enhance their security posture, streamline compliance efforts, and unlock the full potential of their IGA investments.
About the Author
Jackson is the CSO at Clear Skye. He began his identity management career as an early employee at Toronto-based Zoomit Corp., the pioneer in the development of meta-directory products who Microsoft acquired in 1999. While at Microsoft, he was responsible for product planning and marketing around Microsoft’s identity & access management products including Active Directory and Microsoft Identity Manager. Jackson has held various senior product management and marketing roles since Microsoft including Vintela, Quest Software, Dell, One Identity, and Forcepoint. He studied computer science at the University of Ottawa, Canada. Jackson can be reached online at [email protected], LinkedIn, Twitter, and at our company website https://clearskye.com/