sb-au logo
Story image

Myth-busting assumptions about identity governance - SailPoint

20 Mar 2019

Article by SailPoint APAC vice president Terry Burgess

As the years tick by, technology continues to advance, and the threats organisations have previously faced continue to change.

The target has changed for hackers and because of this, how organisations used to protect themselves are experiencing a change.

Where firewalls and physical perimeters used to be enough, organisations are struggling to find ways to protect the new area of interest for cybercriminals—their people.

And so, new methods of protection arose such as provisioning and access management.

However, amid all the change, many organisations were left confused about how to combat the threats facing them.

Enter identity governance.

The identity governance space has evolved and matured over the past 10 years, changing with the world around it.

But certain myths about the identity platform have persisted, and these misconceptions have, in some cases, been misleading organisations on how they should be protecting themselves. 

Myth #1: Provisioning will be-all and end-all

While the provisioning solutions from 10 years ago were sufficient for monitoring the users in an organisations’ system, they were not designed for detailed governance.

Identity governance helps to automate provisioning processes (as well as others) through a governance-based approach.

Today, this has become important in organisations to ensure their users have the right access for the right systems at the right time.

It also ensures enterprises have full visibility over their users, applications, and data at any point in time—which has become mission critical with the evolution of work.

Myth #2: Role management will solve everything

Not so long ago, it was assumed that role management would bring business context to identity management to simplify provisioning and compliance.

However, today it’s recognised that there shouldn’t be an emphasis on roles as a standalone solution. 

Roles should be viewed as a means to end.

While they are a key component of an effective identity governance solution, roles are not the only requirement for strong enterprise security.

Myth #3: Identity governance doesn’t work with or in the cloud

At one point, identity management solutions were delivered only on-premise, but with the rise of cloud applications, identity governance has had to evolve.

Not only can modern solutions govern access to cloud apps and data, but they can also be deployed entirely from the cloud.

In fact, all identity governance capabilities today can be cross-domain—this includes certification, password management, and more. 

Myth #4: Organisations only need identity governance if they’re subject to regulatory compliance

Government and regulatory bodies have increased the need for businesses to protect users through a new wave of compliance measures and regulations.

As a result, organisations are increasingly turning to preventative and detective controls to keep their data safe.

These controls protect all kinds of data from applications, stored on file shares, in the cloud, and even on mobile devices.

 Myth #5: Identity governance is IT’s problem

Identity used to be another “IT problem.”

But with applications and data increasingly being tied to a particular department, identity has transformed into a business issue.

Business managers are more frequently being tasked with defining and enforcing policies and controls to minimise access risk.

This, in turn, empowers business users to be more effective and secure with the data at their disposal.

The power of identity

In the face of disruptive change, organisations can expect governance to be complex—but the context and security it brings to organisations far outweighs this.

The power of identity goes beyond access.

In fact, identity goes beyond the network, and ties into both endpoint and data security.

Not only does it take information from every piece of an organisation’s security infrastructure, but when done correctly, identity governance has the power to tie all this data together.

By adopting an identity governance strategy that encompasses the entire organisation, business leaders can properly secure and govern identities and their access, giving them the clarity they need.

Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
SMEs treading water against 'endless volley' of cyber-attacks — report
According to a new report from Cynet, these SMEs are resorting to outsourcing some aspects of their threat mitigation in order to safeguard IT assets, as a result of the heightened risk of serious breaches.More
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
Phishing email attacks targeting remote workers on the rise
“Just because employees may be more used to their home office environment doesn’t mean that they can let their guard down."More
Story image
CompTIA forms Cybersecurity Advisory Council, led by 16 security execs
The new body will be co-chaired by Tech Data director of security solutions Tracy Holtz, and Alvaka Networks chief operating officer and chief information security officer Kevin McDonald.More
Story image
A brief history of cyber-threats — from 2000 to 2020
Many significant cybersecurity events have occurred since the year 2000 — not every one of them ‘firsts’, but all of them correlating with a change in security behaviour or protection.More