How a Culture of Identity Governance Drives Success in Digital Transformation

How a Culture of Identity Governance Drives Success in Digital Transformation

  • By John Milburn
  • May 28, 2021

Digital Transformation (DX) should be an important area of strategic focus for companies that want to grow and thrive in a changing world. It’s not easy, though. DX takes a focused blend of people, process and technology. It also requires an organization’s governance process to adapt and become more rigorous, especially around identity management.

What is DX, really?
Any thinking about the role of governance in DX success must start with a proper definition of DX. The essence of DX, which cuts across all permutations of the idea, involves using technology to transform the relationship between a business and its customers. A company that undergoes digital transformation is a business that has leveraged technology to engage more deeply with its customers, build more sustainable relationships with them, and earn a larger share of the customer’s wallet in the process. These outcomes can emerge from a wide variety of technology strategies. What they have in common, though, is a parallel transformation in the way systems interact with one another. For example, DX might mean coupling Internet of Things (IoT) devices with in-store kiosks and mobile app technology to achieve an omnichannel customer experience. Success will require some pretty sophisticated application integration. This is where identity comes into the picture.

What does DX have to do with identity?
An organization has to do multiple things right to achieve a successful DX outcome. Good planning and strategy are essential, as is technical excellence. Getting systems to connect and inter-operate requires skill. The topology of the DX project might span public and private cloud infrastructure, on-premises data centers, Software-as-a-Service (SaaS) solutions, and more. A further complication may arise from connecting systems belonging to multiple business entities. Then, there are the users themselves, who may work for different companies, or no company (e.g., contractors). They may be working from home, or at remote sites.

In an environment like this, it is imperative that the organization know who its users are—and can authenticate them across any possible point of access. This is partly a matter of security and compliance, but the requirement also has a lot to do with how all the elements of the DX project are going to function. If end users and administrative users have trouble getting the credentials they need quickly enough, the entire effort may bog down. Identity cannot be ungoverned in such an environment.

Identity Governance and Administration (IGA) and DX
A DX initiative needs a parallel practice of Identity Governance and Administration (IGA). Though it varies from company to company, IGA is a collection of policies and processes that makes it possible to manager users’ identities and assign access privileges in alignment with business strategy, security policies and compliance requirements. It represents a better organized version of the simple access lists and loose identity management rules that have long prevailed in so many organizations.

The need for a culture of identity governance
IGA doesn’t just happen, even in companies that own dedicated IGA solutions. It takes a culture of identity governance for IGA to succeed. What does this look like? Identity governance culture means that the people in an organization, at every level, understand why identity management is important. They get that poor access controls can lead to data breaches and other negative security incidents. They appreciate that the complex system integrations and technological layers of DX need clear identity controls in order to work.

A company with an identity governance culture will embed strong identity management into everyday work streams. People will want to follow processes instead of feeling pressured to—and circumventing them. For example, a bad habit such as password sharing, which might have been tolerated previously, will no longer occur because employees and other stakeholders recognize that it’s a high-risk behavior.

Making an identity governance culture a reality, for today and tomorrow
Building an identity governance culture takes training as well as endorsements from executives who can set an example for everyone else. Tooling is also a necessary foundation for identity governance culture. It’s difficult to change culture without solutions that make it easier for people to follow the rules. For example, an advanced IGA solution can automate tasks like provisioning access to systems. It can handle identity across the entire employee or contractor lifecycle. This way, new users can quickly get to work on their part of the DX project, versus waiting for days or weeks as might have been the case previously. Integrating the IGA solution with IT Service Management (ITSM) systems can smooth this process along. The future of DX is unknown, but signs point to a fast-approaching era where the identity governance culture will need to adapt to an era of convergence among major enterprise systems used in DX. Today’s best-of-breed and point solutions will likely fade away. Traditional IAM vendors, too, are heading into competition from enterprise platforms such as Salesforce and ServiceNow. A strong culture can evolve, however. As circumstances change—and they will—the culture can keep up, ensuring that identity governance remains an essential element of DX.

DX can happen without a strong commitment to building an identity governance culture, but it probably won’t go well. Identity governance is an elemental success factor in DX. The degree of application and data integration required for DX, along with its tendency to connect multiple business entities, make rigorous identity management an imperative. In addition, DX initiatives are not static. In fact, their ability to adapt to changes in the marketplace are one of their main appeals to business strategies. This reality puts further pressure on identity governance to keep up, ensuring that only authorized people can access the underlying systems and data sources. A culture of identity governance will keep identity as reliable part of DX as it inevitably evolves over time.

Featured

  • Bringing New Goods to Market

    The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 3 Recap

    And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 2 Recap

    Day 2 was another winner at GSX 2024 in Orlando. Aisles and booths were packed with attendees looking at some of the new and latest security technology. Remember to follow the GSX Live page from Security Today, as well as SecurToday on X and Security Today on LinkedIn to find out more about what’s happening on the show floor during tomorrow’s final day. Here’s what was happening with all four of our partners during the event on Tuesday. Read Now

    • Industry Events
    • GSX

  • How Much Carbon is Your Footprint Leaving?

    A more sustainable future is not only shared responsibility, it is increasingly critical. Securitas, is inviting clients and industry partners to make a difference in an ever-evolving world that faces diverse sustainability challenges. Read Now

    • Industry Events
    • GSX
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3