Taking a business-driven, rather than an IT-driven, approach to identity and access management (IAM) fundamentally changes how organizations approach their IAM challenges and dramatically improves the value they can obtain.
Specifically, with business-driven identity and access management solutions, companies can empower the business owners to take ownership of identity and access control, provide consistent, full business context across Identity and Access Management systems, connect to the full set of data and application resources, and significantly lower the total cost of ownership while scaling to modern enterprise environments.
Let's examine each of these areas in turn, as together they define what we mean by business-driven identity and access management.
First, this approach enables the line of business to take accountability and responsibility for making access decisions, within the controls, processes, and policies defined by Information Security. This ensures that people in the line of business (and not within IT) are making access decisions, but not without InfoSec's oversight. That is, business stakeholders have the context to make access decisions, and are ultimately responsible for making defensible access decisions. Information security teams must ensure that lines of business have what they need to make decisions on specific access rights, while still being able to enforce compliance with policy and regulatory requirements.
In order to do this, the IAM system must provide these business users with complete business context – combining technical information (about identities, accounts, and entitlements), along with non-technical knowledge (such as people's job responsibilities and project assignments). This business context must be complete – so that policies and processes can be correctly evaluated – and therefore requires that the IAM infrastructure be able to collect information from all key systems, applications, and data resources. This broad view (which traditional IAM systems have proven unable to provide) enables optimal decision-making about user access, and therefore results in a stronger security and compliance profile.
Having a centralized, unified platform for all identity and access context provides a single place to define policies and control processes, giving consistency and efficiency across all resources. (This is in stark contrast to the approach taken by traditional provisioning suites, which typically have been assembled via acquisition. This resulted in overlapping and misaligned components, and was a significant driver of the high costs and failures of many IdM projects.)
Finally, a business-driven identity and access management system must manage identity and access business processes across the entire IT and security infrastructure, and have a policy-based approach to automation. This automated enforcement of governance policies ensures continuous compliance across the entire access lifecycle.
A Phased Approach
We've learned a lot about identity and access management from our customers, prospects, and partners, and have tried to distill this down into a simple approach and a simple set of requirements. In general, successful enterprises have run their identity and access management programs in phases, with a clear distinction between business logic and integration logic.
To learn more about how Aveksa approaches business-driven identity and access management, watch the three-minute video or download the whitepaper!