Legacy solutions hinder an organization’s ability to innovate and grow. On average, businesses spend
            30% of their IT budgets on managing legacy solutions. While companies might be able to get by with the
            drawbacks of outdated solutions for some functions, this isn’t something you want to risk when it comes
            to security. Legacy solutions are forced to keep and maintain a sizable amount of bespoke code, which
            makes  upgrades  expensive  and  therefore  not  done.  With  these  solutions  being  harder  to  update,
            implementing  new  features,  bug  patches  and  capabilities  to  support  new  business  and  regulatory
            requirements becomes harder, therefore, customers suffer.

            The original generation of IGA solutions relies on customized code, which is exceedingly challenging for
            enterprises to maintain in their environments. It’s like trying to find someone to fix your CD player; they’re
            hard to find these days. Implementations are cumbersome and require expert knowledge for basic tasks,
            and every solution upgrade to newer versions comes with hard-to-determine risk, a timely project and
            significant cost. However, after learning from the coding requirements of days gone by, today’s IGA now
            offers a far more straightforward method of granting users varying levels of access.

            When you extend an IGA solution by customization and coding, you need to be able to continuously
            maintain it. Customizations made 10 to 15 years ago will require development skills in older programming
            languages (e.g. Java, C++), as well as domain expertise on what that code actually does. This impacts
            resourcing, since even if you still have the staff for it, they are likely working on other projects  – and
            maintaining code from 15 years ago is a major time sink for innovation and newer projects.




            Shorter time to value

            Initially, IGA was driven by compliance requirements, and while this is still a true need for deploying IGA,
            the rising threats and attacks on identity are placing bigger expectations on IGA to help reduce the identity
            attack surface.

            Value can now be delivered in shorter time spans thanks to standard-based integrations and enriched
            data flows with third-party components. The ability to implement deep and broad with a high pace has
            significantly reduced the time-to-value for businesses, lowering costs along the way. It’s like exchanging
            your wall of CDs for the option to access your music collection via a streaming service.



            Exploring IGA trends

            There  are  currently  two  contradicting  trends  in  IGA:  vendor  consolidation  versus  best-of-breed. A
            platform player may be a good choice for small and low-complexity companies. But with more regulations
            and the explosion of identities and systems, more organizations are confronted with the limitations of
            platforms that often provide good-enough or basic functionality, but are hard to extend.


            A few things to consider when it comes to these trends are:

               •  Competition on connectivity: Platforms offer fewer choices in connectivity to other IAM solutions
                   (which they compete with).  Because the modern enterprise cybersecurity landscape contains a






            Cyber Defense eMagazine – February 2024 Edition                                                                                                                                                                                                          83
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.