The Top 3 Enterprise Identity Governance Mistakes

What are the top three identity governance mistakes enterprises make? Why does identity governance and administration (IGA) matter for your overall identity management? How can it supplement and strengthen your enterprise cybersecurity? 

Of all the categories of identity and access management, identity governance remains one of the most enigmatic and misunderstood. Yet IGA belongs firmly in the enterprise cybersecurity conversation; its capabilities and functions ensure the fulfillment of strong identity security and efficient workflows. 

So you need to avoid the most common identity governance mistakes. Here are the three most typical and how your business can avoid them. 

1. Neglecting IGA In the First Place 

As with many cybersecurity mistakes, most identity governance mistakes begin with a failure to deploy a solution. Usually, this stems from ignorance rather than neglect. Enterprises don’t recognize the benefits of identity governance to identity management, cybersecurity, and workflows. They also don’t recognize the problems a lack of identity governance causes.

For the latter, the problems caused by identity management mistakes prove more than troubling. One of these is visibility. According to the SailPoint 2018 Identity Report, only twenty percent of enterprises report visibility over all their users. Simultaneously, seven percent do not have visibility at all.

We repeat this maxim quite a lot but it bears repeating: visibility forms the core of any strong cybersecurity policy. You can’t protect what you can’t see. Maintaining visibility over all of your users should become a top priority. 

Meanwhile, without proper identity lifecycle and role management, your users will struggle with privilege issues. Either they receive inadequate permissions for their roles, causing workflow issues, or too many permissions, causing identity security problems.

The latter especially becomes worrying; employees in unmonitored systems could slowly accumulate permissions due to access creep. Their credentials become attractive targets for hackers and insider threats alike.

Fortunately, identity governance and administration enacts role management and identity life cycle management; these ensure privilege regulation and secure onboarding and offboarding, respectively. Additionally, your IT security team can use governance to monitor the privileges of each user and remove unnecessary ones.   

Other IGA capabilities include entitlements management, centralized access request management, access certification, reporting, and compliance. 

2. Failure to Properly Deploy 

So one of the critical enterprise identity governance mistakes involves not deploying IGA. Of course, the opposite mistake also occurs: deploying IGA but failing to deploy it optimally. Indeed, identity governance and administration possesses a reputation for difficult deployment and replacement. In the 2018 Critical Capabilities for Identity Governance and Administration report, Gartner states “50% of [current] IGA deployments are in distress.”

Enterprise concerns about replacement actually merit deeper analysis; cybersecurity solutions overall can be difficult to replace because they tie intimately into your workflows and databases. Each requires time and resources both in deploying it and in training users to work within its parameters. In other words, this isn’t a problem exclusive to identity governance. Therefore, you need to focus on determining your own individual use-case and make sure you find the right fit.

As for the inherent difficulty of identity governance deployment, these concerns tend to focus on on-premises IGA solutions—an infrastructure rapidly becoming outdated. Gartner predicts as much as forty percent of business IGA buyers will select cloud-architecture solutions by 2021. Also, fifteen percent will choose cloud-hosted software.

Your enterprise should therefore examine whether cloud identity governance fits its needs. Researchers find cloud IGA solutions deploy faster, upgrade more easily, and provide smoother management capabilities.

Moreover, if your enterprise fears the potential pitfalls of identity governance mistakes, you can consider hiring a managed solution. Through managed security services, your business can enjoy the benefits of full-time identity monitoring without risking burning out your security team. In addition, managed identity security services can process the role management, compliance reporting, and access request features which require human intelligence.

3. Assuming Identity Works in a Vacuum 

In other words, identity governance mistakes often begin with integration issues. IGA constitutes an essential part of your enterprise’s identity management and your cybersecurity. However, it doesn’t and can’t constitute the whole of it. Your enterprise needs to integrate its IGA solution with other cybersecurity solutions, including endpoint security and SIEM. Additionally, you need to consider other identity security solutions like privileged access management.

Even Gartner recognizes the importance of integration in their selected IGA solutions for the 2018 Magic Quadrant. Integration issues can create vulnerabilities and security holes as the solutions clash with each other or create a false sense of security. 

This also emphasizes the importance of careful consideration in selecting an identity governance solution. Many decision-makers select a single solution to solve a single problem regardless of their current infrastructure. This creates many more problems long term. Instead, look for a holistic solution as much as possible.

As part of your selection process, check your solution candidates’ integration platforms. Most will share their partnership agreements and integrations prominently for easy comparison. 

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.