How a Culture of Identity Governance Drives Success in Digital Transformation

How a Culture of Identity Governance Drives Success in Digital Transformation

  • By John Milburn
  • May 28, 2021

Digital Transformation (DX) should be an important area of strategic focus for companies that want to grow and thrive in a changing world. It’s not easy, though. DX takes a focused blend of people, process and technology. It also requires an organization’s governance process to adapt and become more rigorous, especially around identity management.

What is DX, really?
Any thinking about the role of governance in DX success must start with a proper definition of DX. The essence of DX, which cuts across all permutations of the idea, involves using technology to transform the relationship between a business and its customers. A company that undergoes digital transformation is a business that has leveraged technology to engage more deeply with its customers, build more sustainable relationships with them, and earn a larger share of the customer’s wallet in the process. These outcomes can emerge from a wide variety of technology strategies. What they have in common, though, is a parallel transformation in the way systems interact with one another. For example, DX might mean coupling Internet of Things (IoT) devices with in-store kiosks and mobile app technology to achieve an omnichannel customer experience. Success will require some pretty sophisticated application integration. This is where identity comes into the picture.

What does DX have to do with identity?
An organization has to do multiple things right to achieve a successful DX outcome. Good planning and strategy are essential, as is technical excellence. Getting systems to connect and inter-operate requires skill. The topology of the DX project might span public and private cloud infrastructure, on-premises data centers, Software-as-a-Service (SaaS) solutions, and more. A further complication may arise from connecting systems belonging to multiple business entities. Then, there are the users themselves, who may work for different companies, or no company (e.g., contractors). They may be working from home, or at remote sites.

In an environment like this, it is imperative that the organization know who its users are—and can authenticate them across any possible point of access. This is partly a matter of security and compliance, but the requirement also has a lot to do with how all the elements of the DX project are going to function. If end users and administrative users have trouble getting the credentials they need quickly enough, the entire effort may bog down. Identity cannot be ungoverned in such an environment.

Identity Governance and Administration (IGA) and DX
A DX initiative needs a parallel practice of Identity Governance and Administration (IGA). Though it varies from company to company, IGA is a collection of policies and processes that makes it possible to manager users’ identities and assign access privileges in alignment with business strategy, security policies and compliance requirements. It represents a better organized version of the simple access lists and loose identity management rules that have long prevailed in so many organizations.

The need for a culture of identity governance
IGA doesn’t just happen, even in companies that own dedicated IGA solutions. It takes a culture of identity governance for IGA to succeed. What does this look like? Identity governance culture means that the people in an organization, at every level, understand why identity management is important. They get that poor access controls can lead to data breaches and other negative security incidents. They appreciate that the complex system integrations and technological layers of DX need clear identity controls in order to work.

A company with an identity governance culture will embed strong identity management into everyday work streams. People will want to follow processes instead of feeling pressured to—and circumventing them. For example, a bad habit such as password sharing, which might have been tolerated previously, will no longer occur because employees and other stakeholders recognize that it’s a high-risk behavior.

Making an identity governance culture a reality, for today and tomorrow
Building an identity governance culture takes training as well as endorsements from executives who can set an example for everyone else. Tooling is also a necessary foundation for identity governance culture. It’s difficult to change culture without solutions that make it easier for people to follow the rules. For example, an advanced IGA solution can automate tasks like provisioning access to systems. It can handle identity across the entire employee or contractor lifecycle. This way, new users can quickly get to work on their part of the DX project, versus waiting for days or weeks as might have been the case previously. Integrating the IGA solution with IT Service Management (ITSM) systems can smooth this process along. The future of DX is unknown, but signs point to a fast-approaching era where the identity governance culture will need to adapt to an era of convergence among major enterprise systems used in DX. Today’s best-of-breed and point solutions will likely fade away. Traditional IAM vendors, too, are heading into competition from enterprise platforms such as Salesforce and ServiceNow. A strong culture can evolve, however. As circumstances change—and they will—the culture can keep up, ensuring that identity governance remains an essential element of DX.

DX can happen without a strong commitment to building an identity governance culture, but it probably won’t go well. Identity governance is an elemental success factor in DX. The degree of application and data integration required for DX, along with its tendency to connect multiple business entities, make rigorous identity management an imperative. In addition, DX initiatives are not static. In fact, their ability to adapt to changes in the marketplace are one of their main appeals to business strategies. This reality puts further pressure on identity governance to keep up, ensuring that only authorized people can access the underlying systems and data sources. A culture of identity governance will keep identity as reliable part of DX as it inevitably evolves over time.

Featured

  • 2025 Security LeadHER Conference Program Announced

    ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now

    • Industry Events

  • Report: 82 Percent of Phishing Emails Used AI

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now

  • NRF Supports Federal Bill to Thwart Retail Crime

    The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now

  • ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

    ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now

    • Industry Events
    • ISC West

  • Tradeshow Work Can Be Fun

    While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now

    • Industry Events
    • ISC West
Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.