By Thomas Müller-Martin, Global Partner Technical Lead, Omada
More and more organizations are using a hybrid IT environment that combines both on-premises and cloud-based applications. The rise of remote work, driven by the pandemic, has only increased the speed of this transformation. In fact, Gartner predicts that more than 75% of midsize and large organizations will have adopted some kind of multi-cloud or hybrid IT strategy by 2021.
While this approach brings many advantages, it can also make it harder to get a transparent view of who has access to which IT systems and applications within the organization. As organizations continuously move more workloads to digital services, they will need a more solid approach to identity management. Identity Governance and Administration (IGA) has become a cornerstone of solid IT security, allowing organizations to implement processes for controlling, managing, and auditing access to data, which is an important prerequisite for reducing security risk.
The growth of hybrid IT
Cloud adoption shows no signs of slowing down – in fact, IT spending overall continues to shift to public cloud computing. Gartner analysts believe that more than 45% of IT spending on system infrastructure, infrastructure software, application software, and business process outsourcing will shift from traditional solutions to cloud by 2024.
The cloud has been integral to many companies’ ability to stay productive during the shift to remote work, and it also comes with plenty of other advantages – like the cost savings of not having to house an on-premises data center. That said, not every business can or should shift entirely to the cloud. Some things have to remain on-premises, and as a result, hybrid IT is growing.
However, these new solutions must still maintain regulatory compliance and secure collaboration across the organization and with partners and customers. They must support the rapid adoption of new digital services while respecting security and compliance. The solutions need to protect the brand and IP while acting in a complex ecosystem. The organization must therefore manage the risk while maintaining business agility and increasing efficiency.
The role of identity governance and access management
Ensuring security and staying compliant means that identity and access management and identity governance are key. Migrating to the cloud creates potential openings for attackers and introduces different vulnerabilities, so organizations must revise their risk and security management.
Therefore, they need to have a vision for secure cloud adoption and then establish appropriate governance. It is important to ensure that a well-functioning, future-proof architecture for identity management and access governance is implemented. This architecture should secure the organization long-term and ensure correct data flows across disparate systems and directories.
An organization must know its identities and related accounts before enabling users to access and use cloud services. Companies must make sure that federated identities from suppliers, partners or customers are properly governed. Ideally, this should happen before collaboration begins, and the correct processes must be established and implemented. Organizations should also establish “local” security mechanisms, such as access request and certification, as well as policies for cloud services.
What organizations need to know
An IGA solution allows an organization's IT department to manage and govern all user access rights across a hybrid IT environment. Among the elements IGA processes oversee are:
- audit and compliance reporting to ensure continuous risk overview
- managing access to resources across an organization’s hybrid IT environments (on-premises and cloud-based applications)
- performing access reviews and certifications across all cloud and on-premises applications
- onboarding of new employees and offboarding leavers
- a structured approach to onboarding applications
- managing access to applications on a granular level in compliance with company policies, handling of access assignment policies and provisioning
The ability to process these elements effectively lets companies ensure compliance, save money and minimize the risk of data theft by insiders and hackers. A key factor in doing this well is ensuring that business systems are only accessible to those who need to use them to do their job – the “least privilege” approach.
As cloud adoption soars, hybrid IT shows no sign of slowing down. Market forces have converged to make this standard operating procedure. But that means, for regulatory and security reasons, organizations must get control of who has access to which parts of their distributed business systems.
To ensure security, compliance, and efficiency, businesses need IGA processes in place. These processes protect organizations from incidents that could damage their reputation or, in the worst case, cause them to go out of business. In the era of the cloud, with skyrocketing cyber threats and stringent legislation such as GDPR, having best-practice IGA processes in place has become a license to operate. Implementing an IGA solution should be seen as a strategic investment, empowering organizations to realize significant business value.
About the Author
Thomas Müller-Martin is Global Partner Technical Lead at Omada. He has spent more than 15 years in identity and access management. As the implementation of identity-centric cyber-security strategies becomes more and more relevant for enterprises around the globe, he helps Omada partners to make their Identity Governance and Administration journey a success.