Marie Kondo’s The Life-Changing Magic of Tidying Up seems to focus on pack rats. People buy new technologies and gadgets in their personal lives, which end up cluttering their homes, the same way that enterprises add new technologies to enable their businesses. However, instead of creating a physical clutter of objects, these new technologies create an identity governance clutter filled with digital and human users who no longer need access.
What Can Identity and Access Administrators Learn From Marie Kondo?
For identity access management (IAM) and identity governance and administration (IGA), Kondo’s guidance highlights the importance of decluttering:
“Two essential actions: discarding and deciding where to store things. Of the two, discarding must come first.”
Kondo’s two main tenets – reducing what you have, and keep everything in its place – can be applied generally to cybersecurity. Specifically, you can map your Digital Transformations into manageable solutions that drive you toward success. Rather than buying more tools that clutter up your IT infrastructure, you need to find a way to keep only what sparks joy – or in the business case, eases burdens – when moving to the cloud.
Complex Hybrid Environment
The traditional problem for companies seeking digital transformation lies in the lack of solutions available. You’re not trying to create clutter, but the current options force you to purchase IAM and IGA solutions on an ad hoc basis.
Kondo explains to her readers that often,
“The more they have, the more they worry about running out and the more anxious they become.”
The same holds true for IAM, IGA, and digitalization. You feel you need to add more application, more software, and more access points or fear a loss of revenue from not being at the front of the cloud migration movement. To manage access and remain secure, the enterprise adds more solutions. You fear not having enough protection, so you become anxious about not having all the tools necessary to manage your cybersecurity.
With the increased regulatory and industry standard compliance requirements, you’re not wrong.
Managing the security and risk of hybrid computing seems to be both easier and a whole lot more complex. As enterprises struggle to maintain their on-premise solutions while migrating to the cloud, they need to secure access and identity across on-premise (Legacy), Infrastructure as a Service (IaaS), Platform as a Service(PaaS), and Software as a Service (SaaS) environments.
Each of those four pillars requires a risk analysis and risk mitigation plan to address IAM and IGA security risks. Meanwhile, managing these environments needs to be consolidated into a standard access governance methodology.
Unfortunately, collecting technologies creates access governance clutter which makes proving compliance with internal controls nearly impossible.
How to KonMari Your IGA/IAM Program
Getting rid of the clutter and creating a single source of risk, compliance, and governance strengthens your IAM, IGA, and cybersecurity programs.
As Kondo reminds her readers,
“People have trouble discarding things that they could still use (functional value), that contain helpful information (informational value), and that have sentimental ties (emotional value). When these things are hard to obtain or replace (rarity), they become even harder to part with.”
Following the KonMarie Method, you think choosing a single solution would be easy. In reality, that doesn’t work. Think about the cluttered gadget drawer in your home. Maybe it has outdated smartphones or cords stuffed into it. Maybe you leave those there thinking, “I never know when I’m going to need them.” Then when you go looking for something, you can’t find it.
Business technologies, especially for IAM/IGA, work the same way. You collect the technologies. You use them, for a time. However, when you look to manage your risk and prove governance over your program, you find outdated identities that still have access, such as applications that you no longer use or former employees.
Unlike that gadget drawer which only causes frustration, those outdated identities can lead to unauthorized access that puts data integrity, confidentiality, and availability at risk.
How Do You Spark Joy In Your Modernization Strategy?
Once again, Kondo comes to the rescue.
“There are three approaches we can take toward our possessions: face them now, face them sometime, or avoid them until the day we die. The choice is ours.”
Getting rid of legacy systems is like cleaning out that cluttered gadget drawer. You need to remove everything that doesn’t “spark joy” or in the business case, provide value.
Saviynt’s Identity 3.0 provides a single location that streamlines identity access management and governance. Saviynt’s cloud-native platform uses intelligent analytics and provides cross-application integration to streamline IT modernization and promote better security, governance, and compliance. Business modernization changes the way companies review access requests, do access reviews, report analytics, and streamline certification campaigns.
Identity 3.0 incorporates application risk and governance, infrastructure management, privileged account management, and customer risk analysis. Thus, Saviynt’s identity modernization provides a single pane of glass to clear out the cluttered space and transform it into a managed tidy solution.
For more information on Saviynt’s Identity 3.0 solutions please check out my colleague’s webinar. Diana Volere will be presenting a Saviynt Insight: Innovating Identity 3.0 by Addressing Future Security Needs. Register here.
We also released a whitepaper last week focusing on Enabling Digital Transformation with Identity 3.0. Read more here.