Identity Analytics et Identity Governance and Administration

Almost two years ago, Gartner made an observation about Identity Governance and Administration (IGA) projects, saying that the deployment of more than half of them posed problems and was subject to major execution difficulties. Two years later, this assessment is still valid. 

Many companies attest to the fact that these challenging projects can be tedious, costly and time-consuming, even when the appropriate software tools are used. The inherent complexity of IGA projects is an obstacle to the optimal use of the solutions available on the market. 

Identity Analytics is an indispensable component designed to support and accelerate IGA projects. This article will explain how to unlock its full potential to optimize processes and achieve successful results.

What are the challenges and issues facing IGA projects?

Impeccable data quality: an essential prerequisite

The data integrated into an IGA solution is the foundation of any project. It defines the processes to be used by the teams and allows them to make the right decisions. The absence of data quality issues makes it possible for teams to work together in an efficient and positive manner, making informed decisions much easier for all.

Data quality is based on the following factors:

  • Accuracy. Data must reflect the reality of accesses and, therefore, must be thoroughly detailed. All too often, however, access management solutions are limited to a macro level (roles and profiles) and do not provide visibility into fine-grained rights. Additionally, the link between technical rights and business activities is rarely documented and can be difficult to audit, becoming a source of errors.

  • Completeness.  The contextualization of data is essential. For each given access right, it must be possible to clearly identify which identity has access to which resource, which system, which application, etc. The HR context associated with this identity must also be available. For example, has the access right been granted to an employee or a service provider? In which department does the individual work and what are his or her responsibilities?

  • Uniqueness. Each piece of data must be unique and specific to a given context, and no duplicates should be present.

  • Integrity. Data must always be valid and current. Knowing when it was last updated is also important. If not, it could be at risk of being compromised.

  • Availability. Immediate access to data is a requirement. This allows users to analyze it and make the necessary updates.

  • Consistency. Is the data consistent across all the systems within the organization? For example, does an employee who has been terminated in the HR system still have active access rights in internal applications such as SAP?  If so, the data is not consistent.

Only by combining all of these parameters can the data quality be defined as satisfactory. If any one of them is missing, the data, and any decision based on it, can be compromised. Finally, an optimal level of data quality remains necessary to demonstrate access right compliance to auditors, and for this reason, a specialized tool is indispensable.

An IGA solution is not all-encompassing.

The scope covered by most IGA solutions is often limited. They are usually only connected to a portion of the company’s systems and applications, resulting in limited coverage of the various types of accesses including technical, application, orphaned and service accounts.

In the case of an organization that accesses numerous and diverse resources (cloud and on-premise applications, infrastructure, unstructured data, etc.), it is impossible to ensure that all of them are managed by IGA solutions. Additionally, global synchronization of all systems is also impossible.

IGA solutions provide only partial visibility into access rights. If any of them are overlooked, goals cannot be achieved and access right compliance cannot be proven. Using an IGA solution is not enough, since it does not guarantee that the correct access rights are granted to the appropriate individuals. Using Identity Analytics solves this problem by identifying and mapping all access rights.

 

An IGA solution without Identity Analytics

IGA Solution Without Identity Analytics

An IGA solution with Identity Analytics

IGA Solution With Identity Analytics

Unlock the full potential of Identity Analytics using an IGA solution.

A solution for each step of the process

 

The deployment of an IGA project can be broken down as follows: 

  • Understanding. It is necessary to first clean the data and access rights within the organization, then to enrich them with the identity context so as to better understand them.
  • Determination: Once this visibility is achieved, decision-making becomes easier.
  • Action: The operational part of the project can now be started.

The first two steps of any project are related to the analysis of access rights and should be handled by Identity Analytics, while the third step concerns the operational aspect of the IGA project. 

Identity Analytics is a true science of access rights, designed to help with the detection, measurement and reduction of risk related to data quality issues. A specially designed solution provides a full understanding of access rights, enabling the knowledge of who has access to what and to what extent. This clarity assists in making better decisions.

 

Identity Analytics

A guaranteed return on investment

 

According to Gartner, deploying identity and access rights governance using Identity Analytics can nearly double the return on investment. This is because Identity Analytics helps to clean and enrich the data before integrating it into the IGA solution.  It also optimizes the steps of the project, including the operational “run” phase.

Utilizing Identity Analytics is essential and allows the user to: 

  • identify and analyze all data and access rights present in all systems of the organization,
  • consolidate all the data by automatically and continuously correlating it (for example, Active Directory repositories and HR data), and
  • view the history of the data in order to perform comparative analyses.

Fully-controlled access rights with Identity Analytics Services

Facilitate decisions, demonstrate access right compliance to auditors, and detect all the risks related to access rights.  Achieving the multiple objectives of an IGA project without a dedicated Identity Analytics solution is mission impossible. Readily and easily available in the cloud, Identity Analytics Services is designed to meet the challenges and accelerate the pace of an IGA project, offering the guarantee of an optimal return on investment.

The following demonstration highlights the features of Brainwave’s Identity Analytics Services and demonstrates how to collect and enrich the data quality of all resources in order to prepare its migration to the IGA solution.

Together, let’s take back control of the access rights!