Whitepaper

Identity Governance. The Value of Leveraging IGA Functions from the Cloud

With IT functions gradually shifting to the cloud, it is time to rethink the way supporting infrastructure and platform services such as IGA (Identity Governance and Administration) are implemented. While solutions running on premises, but also supporting cloud services were the norm until now, running IGA as a service, with support for the hybrid reality of IT infrastructures becomes the adequate solution.

Martin Kuppinger

mk@kuppingercole.com

Commissioned by Microsoft

1 Introduction

IGA (Identity Governance and Administration) is one of the core disciplines of today’s IAM (Identity and Access Management). IGA factually is a combination of Identity Provisioning and Access Governance. The traditional focus of IGA is on on-premises applications and on static entitlements, i.e. the access rights granted in the applications. However, when looking at the reality of Business Access Risks – the risks imposed to business by fraudulent access – the scope broadens. IGA today must take a perspective beyond the financial risks, and also beyond static entitlements. It must cover all types of applications, all types of business access risks, and it must implement security controls at various levels.

Factually, such broader scope of IGA could be implemented both on premises and in the cloud. However there are good reasons to run this integrated, extended IGA from the cloud. Historically, hybrid IT was centered around – mostly established – on premises solutions that where extended to support the “new” cloud infrastructure. The reality of IT in many businesses has changed since then. Cloud is the new normal, while there remain on premises services that need to be supported. While IT remains hybrid for most businesses and will do so at least mid-term, sometimes even long-term, the focus of IT initiatives already shifted from on premises to cloud. Thus, core functions of IT – such as IGA – should be considered becoming a “cloud first” service.

With that shift in the way IGA is done – as a service, taking a broader perspective on access risks – it is time to rethink the existing IGA infrastructures. Beyond that, IGA is only one (central) piece in a puzzle of technologies required for protecting systems and information. IGA is one element of IAM and needs to work seamlessly with Adaptive Authentication, Privileged Access Management, and other technologies. Beyond that, it also must integrate with services such as Threat Intelligence, Enterprise Mobility Management, or CASBs (Cloud Access Security Brokers).

Microsoft delivers a range of technologies for moving IGA to the cloud and provides integration with a variety of additional capabilities within the Microsoft EMS (Enterprise Mobility +Security) offering. Microsoft Azure AD Identity Governance is a set of services and capabilities that allow businesses to manage identities and their access from the cloud, with integration to existing on premises environments and specific Access Governance capabilities such as access reviews.

Such approaches form the foundation for re-thinking the IAM and IGA infrastructure as part of the overall move of enterprise IT to the cloud.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.