October 31, 2019

Ghosts of the Past: Tackling IGA Transformation

Diana Volere

Ghosts of the Past: Tackling IGA Transformation

Halloween lurks around the corner bringing chills, thrills, and fun frights. While a good scare is in the spirit of the holiday; the terror of a data breach is never enjoyable. Arthur C. Clarke compared technology to magic, a reasonable analogy today’s world. Our cars drive themselves, disembodied voices obey our instructions, we can see friends half-a-world away via glass screens, and at work, we can manage a team spread among multiple countries; technology has transfigured our world, as surely as McGonagal did her desk. All this wonder is not without its own dark alleys and boogeymen. Like a blood pact, technology decisions of the past seem to get in the way of modernization. Legacy identity solutions can’t support the new initiatives you want to embrace, because every time you are trying to do something new, another skeleton rises from the graveyard of past decisions. Let’s look at some of the challenges enterprises face from these undying implementations and the cost of not laying these bones to rest. This Hallow’s Eve we’ll take a moment to explore some of the creepy aspects of IT and consider the needful things that have granted our desires… but not without a price.

They’re Here

I’ve commented before about the gig economy in healthcare, but the gig economy transcends verticals. Organizations want to be able to take advantage of an agile workforce, but doing so can expose you to a nightmare of significant risk. These highly transient poltergeists can be hard to enroll swiftly and harder to exorcise from your organization when it’s time for them to pass on. Even taking advantage of invitation-based provisioning solutions (such as Microsoft’s B2B collaboration users) can allow one or two ghosts to slip through their chains of responsibility without clear governance in place. By identifying details like a responsible contact, a successive person that falls to if the first one vanishes, and an end date, you can protect your organization from having its data bled away.

Don’t Cross the Streams

As you’re moving and shaking, whether in M&As or just embracing multiple platforms, it’s hard to have a clear vision across disparate applications showing where someone is actually causing a risk. You can’t be certain you’re safe from the spectre of Separation of Duty (SOD) violations with legacy identity solutions that can’t ensure cross-application SODs. With these often tied to the most valuable organizational assets, good and modern governance is clearly needed to catch them before they become a nuisance.

Safely SaaS-ing

SaaS is clearly the way to go for applications, as much as possible. Most organizations want to ease application access through federation, which also helps to ensure security; if the person should happen to depart the organization, they simply can’t get into the application anymore. Problem solved, right? Not quite. Federation doesn’t erase challenges around governance and makes the chain of access as opaque as a walk in the fog at midnight. Group membership in the identity provider dictates a role membership within the SaaS application, but organizations need visibility and governance over who might be changing what the role in the SaaS application has access to. This has to then be tied back to the group in the identity provider. Without this chain of clear governance, organizations are vulnerable to getting bit by any vampire who wants to abuse access policies.

RESTing in Peace

Organizations have dug up whole new revenue streams through the monetization of data. However, the need to provide APIs and REST endpoints for the consumption of this data and related services resurrects the spectre of risk. How do you ensure that these APIs are governed just like you would identities? The shambling zombies of legacy identity solutions can’t do this. They don’t have the ability to treat programmatic artifacts as identities and implement access reviews and ownership over them. If you want to take advantage of the API economy, you need an IGA solution that can ensure your API security so you can REST in peace.

Bringing in the Ghostbuster

When you need to get rid of these spooks and embrace all the rich capabilities of digital transformation, Saviynt is who you’re gonna call. Saviynt’s Intelligent Identity Hub is designed to address the identity challenges of organizations pursuing digital transformation, providing a modernized cloud-architected Identity Governance and Administration (IGA) platform to be the foundation of an organization’s digital transformation.

Vanishing and Reappearing Employees

When members of your workforce come and go, like ghosts in the night; you need to be certain that they have frictionless access and lose it when they no longer need it. Even legacy solutions can manage this with a bit of effort. The bigger challenge, however, is that each temporary employee has a designated owner/reviewer, and if that owner departs, then a new owner/reviewer must automatically be chosen. Saviynt is designed to provide this failsafe so you don’t have anyone disappearing into the ether due to a lack of governance, or lingering like a poltergeist due to no reviewer catching that they should be terminated.

The Antidote to Toxicity

Trying to gain visibility into the risks between disparate applications requires a tool that can shed light upon cross-application access and relationship. Saviynt’s ability to see to the guts of your entitlements and access privileges gives us the chemistry necessary to find an antidote for those toxic access combinations. We can identify these risks and let you apply mitigating controls to help ensure this risk isn’t slipping away in the dark to eventually become an incident.

Unwrapping the Mummy

When you need to ensure visibility into your SaaS applications beneath the wrappings of groups, roles, and federation, Saviynt will be the one to help remove that fabric and reveal what is beneath. Organizations need to be able to validate access from the local identity provider through the actual access in the target application, know when someone dabbles in changing the groups, and ensure end-to-end governance in your SaaS ecosystem. Saviynt’s visibility helps you circumvent the risk of a local administrator giving manual access to a group that has excess rights in an application, or a SaaS administrator changing what rights a role grants, so you don’t find yourself overwhelmed by the monster of excess access.

Things That Go Bump In The Night

APIs can seem like the ghost in the shell, operating almost invisibly inside the machine. Fortunately, Saviynt’s analytics keep you informed of things unseen better than any ouija board. When your API is querying information, you can be certain it never has rights to do more than you intend, and automatically remove those zombie privileges when they aren’t being used so you adhere to zero standing privileges (ZSP). Better yet, you have that succession management so if one owner of the API departs for the great beyond— or even a competitor— ownership will automatically pass to the right person to maintain your chain of security.

Have a Happy and Safe Halloween

It’s a scary season, from Halloween to the slasher headlines to the all to frequent horror stories of organizations suffering incidents, breaches, and audit findings. But just like Halloween can be fun with friends, you don’t have to do this alone. Saviynt is here to secure you against the nightmares along your digital transformation journey. We wish you the best spooky season, and stay safe out there!