Story image

Myth-busting assumptions about identity governance - SailPoint

20 Mar 2019

Article by SailPoint APAC vice president Terry Burgess

As the years tick by, technology continues to advance, and the threats organisations have previously faced continue to change.

The target has changed for hackers and because of this, how organisations used to protect themselves are experiencing a change.

Where firewalls and physical perimeters used to be enough, organisations are struggling to find ways to protect the new area of interest for cybercriminals—their people.

And so, new methods of protection arose such as provisioning and access management.

However, amid all the change, many organisations were left confused about how to combat the threats facing them.

Enter identity governance.

The identity governance space has evolved and matured over the past 10 years, changing with the world around it.

But certain myths about the identity platform have persisted, and these misconceptions have, in some cases, been misleading organisations on how they should be protecting themselves. 

Myth #1: Provisioning will be-all and end-all

While the provisioning solutions from 10 years ago were sufficient for monitoring the users in an organisations’ system, they were not designed for detailed governance.

Identity governance helps to automate provisioning processes (as well as others) through a governance-based approach.

Today, this has become important in organisations to ensure their users have the right access for the right systems at the right time.

It also ensures enterprises have full visibility over their users, applications, and data at any point in time—which has become mission critical with the evolution of work.

Myth #2: Role management will solve everything

Not so long ago, it was assumed that role management would bring business context to identity management to simplify provisioning and compliance.

However, today it’s recognised that there shouldn’t be an emphasis on roles as a standalone solution. 

Roles should be viewed as a means to end.

While they are a key component of an effective identity governance solution, roles are not the only requirement for strong enterprise security.

Myth #3: Identity governance doesn’t work with or in the cloud

At one point, identity management solutions were delivered only on-premise, but with the rise of cloud applications, identity governance has had to evolve.

Not only can modern solutions govern access to cloud apps and data, but they can also be deployed entirely from the cloud.

In fact, all identity governance capabilities today can be cross-domain—this includes certification, password management, and more. 

Myth #4: Organisations only need identity governance if they’re subject to regulatory compliance

Government and regulatory bodies have increased the need for businesses to protect users through a new wave of compliance measures and regulations.

As a result, organisations are increasingly turning to preventative and detective controls to keep their data safe.

These controls protect all kinds of data from applications, stored on file shares, in the cloud, and even on mobile devices.

 Myth #5: Identity governance is IT’s problem

Identity used to be another “IT problem.”

But with applications and data increasingly being tied to a particular department, identity has transformed into a business issue.

Business managers are more frequently being tasked with defining and enforcing policies and controls to minimise access risk.

This, in turn, empowers business users to be more effective and secure with the data at their disposal.

The power of identity

In the face of disruptive change, organisations can expect governance to be complex—but the context and security it brings to organisations far outweighs this.

The power of identity goes beyond access.

In fact, identity goes beyond the network, and ties into both endpoint and data security.

Not only does it take information from every piece of an organisation’s security infrastructure, but when done correctly, identity governance has the power to tie all this data together.

By adopting an identity governance strategy that encompasses the entire organisation, business leaders can properly secure and govern identities and their access, giving them the clarity they need.

Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.