Cyber Security

Will the convergence of IGA, PAM and AM fix the fractured identity landscape?

Published

on

Identity is fast becoming less of a tool and more of a strategic framework to secure digital assets and protect data privacy. As a result, when it comes to growing market-share, identity access management (IAM) vendors are looking to grab a larger percentage of the business. 

Identity protects digital assets, supports digital transformation initiatives, and bolsters Personal Identifiable Information (PII) privacy, using NIST-based security standards and best practices. It enables organizations to centrally manage their expanding perimeter of mobile and work from anywhere users, and on-premises, multi-cloud, and hybrid infrastructure environments. 

A comprehensive identity platform allows for a common user experience across multiple applications and systems (both legacy and modern) and allows consumers and distributed workforces to use the same authentication method to access applications and resources across different enterprises.

Converging the identity pillars

Identity has three distinct pillars; identity governance administration (IGA), privileged access management (PAM), and access management (AM). There are dozens of vendors that offer one of these pillars. In the past, they referred to their products as identity tools. However, many now call their products identity platforms as they begin building more integrated capabilities. Albeit, these are vendor-specific platforms, and no vendor today offers an identity platform with complete IGA, PAM and AM capabilities. 

Automation and interoperability of the three pillars are critical to ensure all applications, systems, APIs, policies, and processes are synergistic. Identity plays a pivotal role within an organization’s security stack. However, stakeholder roles are spread across IT infrastructure, security operations, and compliance to manage regulatory risk.

Digital transformation, and the implementation of identity as part of that initiative, is a journey and each organization is at a different stage in that journey. Organizations with more mature identity infrastructure have typically accumulated many different and disparate identity tools. Most have created a complex infrastructure with limited integration, and they still have yet to implement identity throughout all their applications. They typically have legacy and modern identity tools that are on-premises and cloud-based. Organizations with less mature identity capabilities might only have cloud-based identity solutions. They often have limited policies and processes that are not fully thought out. In either case, the security and privacy risk associated with both is high.

No matter where the organization is in their digital transformation, the identity platform needs to be adaptable and robust enough to support all situations and environments. Identity encompasses multiple senior executives, including leaders of IT (CIO), compliance (CCO), and security (CISO). Each stakeholder has their own specific goals and objectives, and the value that identity represents is different for each of them.

The identity platform impact on users

An identity platform will not negatively impact users by adding friction to their experience. A vendor-agnostic converged platform will not lock an organization into any specific vendor. It will adapt to the customer needs and accommodate having their brand on the interface. This is important to many organizations because identity infrastructure is so intrinsic to their business operations and culture.

Business leaders in charge of IT, compliance and security rely upon identity to ensure the right users have the appropriate access to digital resources. However, identity platform convergence means different things to different people. Because of the fractured identity landscape, vendors are looking to grow market share to increase their piece of the identity pie. Often, when one company buys another, they are eliminating their competition, which is not necessarily a good thing for customers. 

A converged identity platform helps make organizations more secure, compliant with regulations and provides a faster return on investment. It enables greater gains in efficiency for user and application on/off-boarding while supporting and enhancing the auditing process. It simplifies how users log into systems and apps and maximizes and optimizes existing identity tools, policies, and processes.

The positives and negatives of convergence

It is fair to say that convergence can be good for vendors but challenging for users. For many organizations, the prospect of any software platform conversion means more costs, more and possibly different licenses, and added usage. Convergence can also eliminate competition, potentially leading to higher prices and fewer choices. 

When a product goes through an upgrade, or its lifecycle is at an end-of-life stage, the customer usually pays the price. A vendor-agnostic identity platform should protect organizations from such an impact. In fact, the organization should be able to replace that product with a newer, better solution that may be more cost-effective. That is the beauty of a vendor-agnostic identity platform.

Even within a mature market like IGA, new IGA vendors are bringing modern technology at competitive prices, encouraging pricing stability. IGA is the most mature identity technology, while PAM is the least mature, mainly because privileged access personnel tasked with implementing PAM are often resistant. This is due to the potential friction on both the administrative and end-user sides. This resistance is a challenge that identity platforms face if they have simply cobbled together various capabilities and critical functions without focusing on the user experience. The key is to have a user interface that remains consistent, even if the underlying technology changes.

Managed identity service providers tend to be vendor agnostic. If a particular vendor needs to be swapped out, users are never impacted. All the changes are executed on the back-end, and the user experience and workflow processes remain consistent by having a common dashboard or interface separated from the underlying technologies. This is a key advantage of a comprehensive identity platform, as all the identity functions are integrated specifically to eliminate user friction. 

While today there is a fractured identity landscape, over the next 3-5 years, I expect there will be a convergence of the IGA, PAM and AM pillars. Identity vendors are beginning to expand their offerings, either through partnerships, by technology acquisitions, or vendor convergence; and from in-house development through organic expansion of capabilities.

Source: https://www.securitymagazine.com/articles/96602-will-the-convergence-of-iga-pam-and-am-fix-the-fractured-identity-landscape

Click to comment
Exit mobile version