As the CEO and co-founder of a tech company, it’s easy to fall into the habit of using acronyms and jargon, especially in the identity space. With terms such as IAM (identity and access management), 2FA (two-factor authentication) and SSO (single sign on) used regularly, I can understand why businesses might think identity is complex. But in reality, identity powers every business and the concept of identity governance is simple.
Historically, identity was primarily about provisioning internal users to IT resources and managing web access. Back then, it was discussed only at security conferences and managed by a few folk deep within the IT department.
Today, most businesses are primarily digital. Accordingly, managing identity has moved from the IT backroom to fuel and enable successful long-term digital transformation. Simply, identity governs users’ access to the resources they need to do their job, whether that’s from an office or remotely.
Think about it:
- There are more workplace users than ever before, going beyond employees to contractors, suppliers, business partners and even software bots.
- Businesses use tens, hundreds or sometimes even thousands of applications – whether on-premises, cloud or software as a service.
- Mission-critical data is increasingly being shared, stored and accessed outside of structured systems in tools, like SharePoint and DropBox.
All of the above are powered by identity. Put simply, you can’t use a tool if you don’t have an ‘identity’ through which to access it.
However, identity, while the great enabler, can also be an organisation’s weakest link. For example, hackers systematically exploit identities of authorised individuals to get inside businesses’ cyber defences. Other users are given, or retain, identity access privileges they shouldn’t have.
Before digitised data and digital platforms, securing identity was carried out by humans, often very manually. Worryingly, many companies are still relying on Excel spreadsheets and antiquated systems to manage their compliance programs, leaving their businesses exposed.
Identity and its uses have evolved, for better or for worse. The sheer number of events that occur around user access – human and non-human, in office and remote, across a range of partners and vendors – makes identity governance a challenge.
Fortunately, the concept of identity governance is inherently simple. It can be broken down into three questions: Who has access to what? Who should have access? And how are they using that access? Businesses that can answer these three questions will be well on their way to having visibility and control over the identities in their organisation.
Business leaders need to realise the importance of making identity governance a board-level priority. Identity governance is the only way to address today’s increasingly complex IT environment, ensuring full visibility to efficiently and securely manage digital identities and embrace digital transformation with confidence.