Evaluate your needs and prioritize solutions that offer open integration and independence from the single-vendor trend, ensuring robust IGA that aligns with evolving security demands and regulatory requirements
By Thomas Müller-Martin, Global Partner Lead, Omada
Let’s say you cherished your music collection, arranged in racks of CDs on your wall – and then you woke up one day and realized that digital downloads and streaming services have made your collection obsolete. For many enterprises today, working with their identity governance and administration (IGA) and identity access management (IAM) solutions is like that. It’s time to consider an alternative that increases security, productivity, and compliance.
How legacy solutions are holding you back
Legacy solutions hinder an organization’s ability to innovate and grow. On average, businesses spend 30% of their IT budgets on managing legacy solutions. While companies might be able to get by with the drawbacks of outdated solutions for some functions, this isn’t something you want to risk when it comes to security. Legacy solutions are forced to keep and maintain a sizable amount of bespoke code, which makes upgrades expensive and therefore not done. With these solutions being harder to update, implementing new features, bug patches and capabilities to support new business and regulatory requirements becomes harder, therefore, customers suffer.
The original generation of IGA solutions relies on customized code, which is exceedingly challenging for enterprises to maintain in their environments. It’s like trying to find someone to fix your CD player; they’re hard to find these days. Implementations are cumbersome and require expert knowledge for basic tasks, and every solution upgrade to newer versions comes with hard-to-determine risk, a timely project and significant cost. However, after learning from the coding requirements of days gone by, today’s IGA now offers a far more straightforward method of granting users varying levels of access.
When you extend an IGA solution by customization and coding, you need to be able to continuously maintain it. Customizations made 10 to 15 years ago will require development skills in older programming languages (e.g. Java, C++), as well as domain expertise on what that code actually does. This impacts resourcing, since even if you still have the staff for it, they are likely working on other projects – and maintaining code from 15 years ago is a major time sink for innovation and newer projects.
Shorter time to value
Initially, IGA was driven by compliance requirements, and while this is still a true need for deploying IGA, the rising threats and attacks on identity are placing bigger expectations on IGA to help reduce the identity attack surface.
Value can now be delivered in shorter time spans thanks to standard-based integrations and enriched data flows with third-party components. The ability to implement deep and broad with a high pace has significantly reduced the time-to-value for businesses, lowering costs along the way. It’s like exchanging your wall of CDs for the option to access your music collection via a streaming service.
Exploring IGA trends
There are currently two contradicting trends in IGA: vendor consolidation versus best-of-breed. A platform player may be a good choice for small and low-complexity companies. But with more regulations and the explosion of identities and systems, more organizations are confronted with the limitations of platforms that often provide good-enough or basic functionality, but are hard to extend.
A few things to consider when it comes to these trends are:
- Competition on connectivity: Platforms offer fewer choices in connectivity to other IAM solutions (which they compete with). Because the modern enterprise cybersecurity landscape contains a selection of solutions optimized to suit the business needs, the ability to collaborate and seamlessly integrate is key for meeting future demands.
- Best of one world, worst of all others: Most platforms got their start by offering one great solution. They then acquire one or more industry solutions in adjacent parts of IAM and position themselves as a platform. But the level of integration is weak, and there is no added value unique to the platform. In most cases, the added solutions to the platform are not leaders in their category but are often second- or even third-tier, so customers adopting the platform are settling on subpar technology for parts of their identity fabric.
- “Rip and replace” is for bandages only: IAM consists of many components. Most companies already have several vendors in-house, providing Access Management (AM), Privileged Access Management (PAM), Single-Sign On (SSO), Identity Threat Detection and Response (ITDR), Customer Identity Management (CIAM) or closely related functionality like Security Information and Event Management (SIEM) solutions. Consolidation will take a long time, and the dependency on a single vendor is a risk in a highly dynamic, regulated environment. Adding a component that is focused on open integration with all kinds of systems is beneficial, as it frees you from dependency, and allows you to always make the solution decision optimized to your business needs. Selecting best-of-breed vendors, lowers the risk of functional lacks that can become disruptive to the rest of your infrastructure in the process. Doing a “rip and replace” to use the platform version is not ideal and adds unneeded costs to deployment.
The lesson here is to be aware of the impact that platform decisions have on your ability to stay agile, scalable and simple. Best-of-breed solutions are highly relevant for large and complex enterprises. Platform players are often a good solution for enterprises that are small, face no regulation, have no complexity demands and are just dipping their toes in the IGA space. Evaluate your needs and do not compromise on functionality.
Upgrade for your future security
Today, you’ve likely upgraded your music collection from CDs; now, it’s time to modernize identity governance and administration (IGA) for your enterprise. Legacy systems consume time and resources due to custom code maintenance. But Software-as-a-Service (SaaS)-based IGA solutions offer efficiency and accessibility, and security automation is a central feature. Smaller, less complex organizations may benefit from platform players, but larger enterprises should prioritize functionality and open integration to meet evolving security and regulatory demands. Evaluate your needs and prioritize solutions that offer open integration and independence from the single-vendor trend, ensuring robust IGA that aligns with evolving security demands and regulatory requirements.
About the Author
Thomas Müller-Martin is global partner lead at Omada. He has spent more than 15 years in identity and access management. As the implementation of identity-centric cyber-security strategies become more and more relevant for enterprises around the globe, he helps Omada partners to make their Identity Governance and Administration journey a success. Thomas can be reached online via LinkedIn and omadaidentity.com.
Source: www.cyberdefensemagazine.com