Identity Driven Governance provides great business and user value.
Over the years, many security risks have been identified and mitigated, but the largest remaining threat is the individuals accessing and handling your information. Many breaches occur because of flaws in access governance and careless practices. In addition, privileged accounts (administrative or otherwise highly empowered accounts) are attractive targets for attackers.
Organizations often struggle to leverage significant value from automated user account provisioning, due to the complexity of factors influencing Security requirements:
This complexity, together with the commonly used technical approach to Identity & Access Management, contributes to low confidence in implementations.
Identity Driven Governance provides the mechanisms to execute corporate-wide change, both organizational and technical. Once executed, Identity Driven Governance organizes and controls behavior (human and technical) and protects (business) information. Identity and Access Management* and Privileged Access Management* solutions are applications that verify users' identities and limit access to information and systems according to predefined role access entitlements. The Governance around them allows for maintaining the required maturity level and creates awareness around information handling. Besides the increased level of information security, other benefits will be seen and felt on both business and user levels:
*Identity and Access Management (IAM) automates, monitors and controls user access to information, systems and infrastructure. Error-prone IT administrator work is eliminated, and interventions take place automatically when the system discovers a breach. The user experience improves greatly through increased operational efficiency, and audit reports and checks are performed at the press of a button.
*Privileged Access Management (PAM) restricts privileged access to vital systems to authorized users only. That access should be given only at appropriate times, only pursuant to strong authentication, and only with robust audit controls and reporting facilities in place. PAM makes it hard for attackers to expand an established beachhead by obtaining administrator privileges to additional systems. PAM requires administrators' accountability for the routine use of privileged access and, wherever possible, eliminates static, shared, and plaintext passwords, especially when they are used to sign into high-risk accounts. A PAM project will highlight the controls needed to protect these accounts, which should be prioritized via a risk-based approach.