February 16, 2016 By Security Intelligence Staff 2 min read

Authored by Daniel Poliquin, Principal of Deloitte Advisory Services.

You’ve likely heard tourists talk louder and louder as they try to communicate with locals who speak a different language. Business leaders and IT teams often have a similar language gap. It’s no wonder that technical solutions frequently don’t solve the business need they were intended to fill.

Many companies have very little to show for the vast amounts of time and money they’ve spent trying to prevent cyberthreats and improve IT system security. That could be because these enterprises have viewed identity governance as an IT problem when it’s really a business problem.

Identity Governance: A How-To

For the business to function efficiently, the right people need the appropriate level of access to the right systems at the right time. The business also needs system flexibility to develop new operating models, streamline processes and break down silos to continue to create sustainable value.

To effectively address these risks and opportunities, the business has to be actively involved in delivering an identity governance program that works. Here are a few tips for launching a business-led approach:

  • Start with a clear vision. What does an effective and efficient identity governance program for your enterprise look like? Which assets are critical to protect? Who needs access to these assets? Why do they need access? When do they need access? How does this compare to your current state?
  • Align key players. Bring together influential people from the business, IT and security to work together to fulfill your vision. Many companies also bring in a third-party adviser who is experienced in business transformation and implementing effective identity governance programs. These advisers should be able to translate business needs into technical requirements and vice versa.
  • Develop the transformation plan. Many organizations have morphed over time, creating a hodgepodge of systems, processes and roles. Before a technical solution can be effectively implemented, organizations must have a plan to streamline and standardize their operations. This business plan then drives the technology plan.
  • Implement the plan. When the business and IT share a common vision of the end state, they are more likely to gain the support of the people within their organizations and deliver a governance program that’s supported across the enterprise.

Of course, any transformative project is difficult to pull off, but we have found that when the business and IT are both actively engaged, the result is a more vigilant, resilient and secure enterprise.

Learn More

Attend IBM InterConnect 2016 in Las Vegas to join me and Andrea Rossi, vice president of Identity Governance and Intelligence Sales at IBM, as we discuss how leading organizations are dealing with identity governance.

Our presentation “Identity Governance: The Good, the Bad and the Ugly” provides an overview of trends driving the need for identity governance, how IBM’s new governance offerings bolster compliance and the top reasons why your business needs identity governance. The talk is scheduled for Monday, Feb. 22, at 4:30 p.m. in Mandalay Bay’s South Lagoon A.

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today