Cloud technology is changing the market for identity governance and administration, also known as identity governance or identity security. By 2022, cloud-based identity security products will augment or replace 75% of existing software-delivered identity governance worldwide, according to Gartner.
In anticipation, learn more about this emerging platform's components, benefits and use cases, as well as what to look for in a cloud identity governance service.
What identity governance offers
To understand what identity governance does and how it can help their organizations, IT leaders should be aware of its two primary components:
- Identity governance policies and enforcement controls. These enable organizations to define identity and access management policies in numerous cloud environments and role assignments for end users and service accounts, as well as logging and access review auditing policies.
- Identity service administration tools. These administration tools and services can include federation and single sign-on tools to synchronize with existing identity stores. They can also facilitate provisioning into other service environments -- primarily in association with provisioning and deprovisioning tasks, as well as credential and account management. Additional capabilities may include device provisioning and access controls, management of entitlements, and reporting and monitoring dashboards.
How cloud identity governance advances business and security
Implementing cloud-based identity governance platforms can yield several benefits. First, they simplify processes and practices -- including access requests, password requests and resets, and user provisioning -- which can also reduce operational costs. In addition, they offer a wide array of APIs that organizations can use to integrate with cloud services and on-premises application and user workflows.
Second, cloud identity governance platforms are much easier to configure and start using, as no installation of hardware or complicated infrastructure is needed.
Finally, identity governance services can significantly improve security controls and processes related to authentication, authorization, provisioning and auditing -- and prove invaluable for regulatory audits and compliance reporting.
Identity governance and administration use cases
Organizations implement identity governance services to achieve numerous outcomes. Among the most prevalent use cases are the following:
- Develop and implement segregation of duties for cloud services and other applications.
- Perform access reviews and monitor cloud service users to ensure appropriate use of cloud services and detect signs of compromised accounts or other malicious behaviors based on patterns of access.
- Design and manage role assignments for business-specific requirements and services.
- Report on identity configuration and oversight for compliance and internal policy adherence.
- Integrate on-premises directories and user entities with cloud-based application scenarios.
What to look for in an identity governance platform
For a good fit in complex cloud environments, IT leaders should choose an identity governance platform that supports numerous cloud provider APIs and identity role and policy associations. Ideally, cloud identity services should also have connectivity capabilities that support unified management across both cloud and on-premises resources. Though some will offer on-premises gateways and appliances in addition to cloud-based services, many platforms will be situated exclusively in the cloud.
Identity governance platforms
There are several leading identity governance platforms available to implement in enterprise cloud environments. Some of the leading providers and product offerings include the following:
- Okta Workforce Identity
- SailPoint IdentityIQ and IdentityNow
- Ping Identity
- IBM Security Identity Governance and Intelligence
- Saviynt Identity Governance and Administration
- ForgeRock Identity Governance and Administration
- Oracle Identity Governance
- One Identity Identity Manager, Identity Manager Data Governance Edition and Starling Connect
Look for strong authentication and role-based access control capabilities, as well as detailed audit logging. Ideally, the audit logging can be exported to a central event management and monitoring platform. Deep capabilities in access management, provisioning, entitlements management and identity lifecycle management should be standard for any identity governance platform. A wide variety of reporting should also be available.
While not a requirement, some identity governance services have partnerships with leading cloud access security brokers and other security-specific services. This enables enterprises to implement a layered defense strategy for end users accessing cloud services, including strong identity-related controls, such as privilege management and threat detection.
Overall, the market for cloud identity governance offerings is likely to grow significantly as more organizations shift to cloud services implementation and on-premises identity management suites transition to cloud-based identity service models.