When was the last time you heard an identity governance and administration (IGA) success story? If you’re thinking “not in my organization,” you’re in good company. IGA projects have a reputation for being hard to complete, drawn out and costly. But why are they so difficult to get right?

Measuring the Business Value of IGA

Part of the issue is that IGA projects are not differentiated from other identity and access management (IAM) efforts. IAM technologies are implemented to support one or more business process improvements or compliance initiatives. Mature IAM technologies provide solid support to organizations that need the fundamentals to integrate traditional and new applications. As such, they are predominantly infrastructure technologies.

IGA is different. Many enterprises expect IGA to deliver business value, but they are finding that it is difficult to get right primarily due to a mismatch between the IAM program road map and business priorities.

Three Tips for Identity Governance Success

The problem usually begins when a business approaches IGA as a technology project when it’s really a business transformation program. When such an approach is taken, more problems usually follow, such as:

  • Failure to deliver value early and on an ongoing basis. This undermines the trust in the effectiveness of the IGA program and can cause stakeholders to divert budget and eliminate resources for the completion of these efforts.
  • Automating already broken processes. This bandage solution often fails to eliminate manual interventions and results in hard-to-understand customization.
  • Mismatch between the IGA road map and business needs. This leads to poor adoption of the technology by the lines of business, and may jeopardize future program funding and progress.

The business benefits of IGA adoption are indirect and not immediately visible to the organization. This is a key reason why companies often lose the will for business participation, which is essential to IGA project success. As a result, many organizations today are asking security professionals the question: How do we regularly demonstrate business impact and value from IGA?

Here are our recommendations, starting with a three-step deployment planning model:

1. Understand the Business Requirements for IGA Strategy

Before you begin, work with stakeholders to understand business requirements and create a clear vision of the end state you’re working toward. Document dependencies and identify gaps to address before beginning an IGA project. A good identity governance vision maps stakeholder needs to objectives and priorities, resulting in a project’s road map. An IGA road map with business cases helps justify IAM program funding by demonstrating how governance objectives align with business objectives.

2. Start Small and Keep It Simple

To win business interest in your project, deliver high-value and low-risk functionality early to build trust. Evaluate risks, value, costs and dependencies for deployment elements. Use readily available, out-of-the-box IGA capabilities to deploy features fast and leave customization for later. Encourage business stakeholders to share their enthusiasm and support with users and peers.

3. Plan for Success and Get It Right With IGA Deployment Prioritization

Once you have successfully deployed basic IGA functionality, you should have the support and momentum necessary to broaden your implementation. IGA offers many capabilities to support the identity life cycle, such as application onboarding, access request approval, access recertification, role/segregation of duties (SoD) management, advanced auditing and intelligence. At this stage, prioritize business needs when approaching the automation of processes.

Putting People and Business First

Identity governance and administration services from IBM focus on people and business process before technology. Our three modular service packages are available to procure separately or together, depending on your IAM program maturity and IGA needs:

  1. IGA Adoption assists with the prioritization of your IGA integrations, providing conceptual architecture and a detailed adoption road map.
  2. IGA Accelerated Deployment helps demonstrate IGA capabilities to deliver high-value and low-risk functionality early with foundational capabilities. It also integrates select in-scope business applications.
  3. IGA Advanced Integration uses IGA capabilities to organize deployment. It provides a detailed design for broader governance services enablement, including expanded integrations with custom development and operationalization of end-to-end IGA services.

View the infographic to learn more about building an effective IGA program
