Aligning Access Governance and Privilege Management
Well-designed IAM/IAG-architectures establish real-time visibility of all accounts of a person, thereby closing a formerly intrinsic security gap. Bridging between established governance silos within organizations enables full enforcement of Segregation of Duties rules for both business and privileged access. Thus, it substantially improves an organization's security posture.
Traditionally, the management of identities and their access to IT systems within an organization have been split up within different disciplines. Business users, the so-called standard users, have been managed within the traditional Identity and Access Management (IAM) systems and have been more recently covered within Access Governance and access analytics systems. Within the last 5 to 10 years Privilege Management has been added to the portfolio of identity and access capabilities under Corporate Governance and Security teams.
Today, many organizations have deployed solutions in both the Privilege Management and IAM/IAG areas, but they have often been deployed independently of one another. The separation of responsibilities is in most, if not all cases, inadequate for achieving and maintaining a truly comprehensive view on personalized and non-personalized access to IT systems, be it for standard or elevated access.
Instead, modern and up-to-date concepts, architectures and processes must ensure that all access to systems is uniformly administered and monitored, regardless of whether it is standard access, highly privileged access, or personalized or non-personalized access. The challenges associated with such a requirement are considerable. A consistent implementation for the fulfilment of these requirements must be reflected in an appropriate architecture, which in turn must represent a valid portion of an overall IAM architecture.
This becomes even more important with the lines between standard users and privileged users are blurring more and more. As access management blends with business management, team leads often become administrative users of cloud-based services, such as SaaS applications. System administrators on the other hand are using business and office infrastructure as part of their daily work life. Modern Privilege Management and Access Governance infrastructures need to handle these changing requirements and provide viable solutions.
KuppingerCole provides a comprehensive IAM/IAG Reference Architecture as the common denominator for describing a building block-based approach for individual architecture designs. This document describes the required services and the IAM architecture components necessary to design, implement, and integrate Privilege Management and Access Governance within an enterprise.