The need to identify users, control what they can access and audit their activities is fundamental to information security. Over the past decade there has been a tsunami of identity and access management technology designed to provide a solution to these needs. However many organizations have not realised the benefits expected from the application of this technology, because they have taken a technology led approach rather than one based on governance. In addition – the move to outsourcing and the Cloud means that technology and some processes are no longer under direct control.
While management implements technology and executes processes, governance sets the policies, procedures, practices and organizational structures that ensure the execution of strategic goals. Identity and access governance sets the framework within which identity and access technology and processes are implemented. By shifting the focus to control rather than execution, governance is also the ideal approach to manage identity and access in an outsourced environment like the Cloud.