Even as your enterprise considers migrating to the cloud or embracing a hybrid on-premises and cloud environment, you must also consider your identity management, access management, and compliance reporting needs. These issues will not go away in the cloud, after all. Enterprises large and small turn to identity governance and administration (IGA) solutions to help solve these concerns, but what does that entail? How will transitioning to the cloud affect your IGA solutions and strategies? What will you need to migrate to the cloud most effectively?
We spoke with Dave Hendrix, Senior Vice President of IdentityNow at SailPoint, to learn more about bringing identity governance to the cloud and what you need to watch for when deploying your IGA solution.
Solutions Review: What constitutes quality identity governance? What tools or capabilities does it include?
Dave Hendrix: Comprehensive identity governance provides complete visibility across today’s hybrid IT environment: linking people, applications, data, and devices to show who can access what, what they’re doing with that access, and what kind of risk that represents. This visibility allows organizations to take action to mitigate that risk. Identity governance empowers organizations to automate costly IT processes while ensuring compliance with an alphabet soup of regulations and improving their overall security posture.
A strong identity governance program—or “quality identity governance”—establishes a framework and structure for the efficient management of identities. To do that, an identity governance suite provides compliance controls including access certification and identity policy, access request and automated provisioning, password management, and governance for data in unstructured files.
SR: What steps can businesses take to ensure their move to the cloud goes as smoothly as possible?
DH: Securely migrating to the cloud—and then successfully managing the adoption of cloud applications—requires the same fundamental identity governance principles. But most organizations are moving to the cloud gradually, and will continue to have on-premises applications. This hybrid IT environment requires a single identity governance solution that manages both on-premises and cloud applications holistically in order to have 360-degree visibility into identity data across the entire IT ecosystem.
For cloud-first organizations that want to deploy identity governance from the cloud, they still need a solution that can manage on-premises applications. There are many benefits to taking this approach, but organizations must first think about their business requirements and identity needs. Oftentimes, organizations are considering a move to the cloud to protect from internal or external security threats, meet regulatory compliance requirements, enable the business, and lower operating costs. Before diving in, it’s best to take a step back and determine what an ideal identity governance program in the cloud looks like, including services like user provisioning, password management, access certifications, and access requests.
Once an organization has determined which services will help meet their security, compliance, and business enablement goals, they can then determine which solutions provide the services they need. After evaluating their current identity governance program and determining the goals they’re trying to achieve with a cloud migration, organizations should outline a plan of attack for implementation and create a timeline that prioritizes their critical business needs to demonstrate visible success to key stakeholders in the project.
SR: What kinds of flexibility are necessary for identity governance when migrating to the cloud?
DH: Regardless of how it is deployed, an effective identity governance solution needs to provide complete visibility across all applications whether they’re on-premises or cloud applications. This visibility creates the foundation to build policies and controls essential for compliance and security. An effective identity governance solution should also include the ability to automate these controls to reduce human error and relieve overburdened IT departments.
Cloud-based identity governance solves all these identity-related problems by using a configurable, best practices approach. If organizations don’t have the time or expertise required to create custom identity governance policies and processes from scratch, cloud-based identity governance is ideal.
SR: What resources will organizations need to migrate with effective security?
DH: While the benefits of cloud migration are clear—faster deployment times, cost savings, simplified management, and increased business agility—there are still elements to consider before moving to the cloud. Chief among these is security. In order to migrate to the cloud with effective security, it is critical to establish and maintain strong identity governance controls. Specifically, making sure that the organization has full visibility and accountability for people and their access, no matter where the user is located or what device they are using to access the data. It’s the first line of defense in protecting critical corporate data.
The second key to migrating securely is the ability to govern everything. Organizations need to understand who has access, if they should have access and what they are doing with that access. With BYOD and the global workforce, enterprises are tasked with managing increasingly complex environments where employees can use their personal devices to access corporate accounts in the cloud. IT organizations need visibility into and control over that. One of the many benefits of identity governance, in addition to security, is that it also empowers the user, enabling them to access data whenever, wherever, securely and without boundaries. It’s not just good for security, but good for business.
Thanks again to Dave Hendrix of SailPoint for answering our questions!
Dave Hendrix leads business unit activities for IdentityNow at SailPoint. As senior vice president, Dave oversees the engineering, product management, development, operations and client services functions of IdentityNow. He spent 10 years as SailPoint’s SVP of client services, deploying market-leading solutions at hundreds of organizations. Prior to SailPoint, Dave ran client services at Convio, a SaaS CRM company. Before that, he was in leadership roles at Kinzan and iXL, both cloud companies delivering B2B solutions. Dave is also a former member of the United States Air Force.