How a Culture of Identity Governance Drives Success in Digital Transformation

How a Culture of Identity Governance Drives Success in Digital Transformation

Digital Transformation (DX) should be an important area of strategic focus for companies that want to grow and thrive in a changing world. It’s not easy, though. DX takes a focused blend of people, process and technology. It also requires an organization’s governance process to adapt and become more rigorous, especially around identity management.

What is DX, really?
Any thinking about the role of governance in DX success must start with a proper definition of DX. The essence of DX, which cuts across all permutations of the idea, involves using technology to transform the relationship between a business and its customers. A company that undergoes digital transformation is a business that has leveraged technology to engage more deeply with its customers, build more sustainable relationships with them, and earn a larger share of the customer’s wallet in the process. These outcomes can emerge from a wide variety of technology strategies. What they have in common, though, is a parallel transformation in the way systems interact with one another. For example, DX might mean coupling Internet of Things (IoT) devices with in-store kiosks and mobile app technology to achieve an omnichannel customer experience. Success will require some pretty sophisticated application integration. This is where identity comes into the picture.

What does DX have to do with identity?
An organization has to do multiple things right to achieve a successful DX outcome. Good planning and strategy are essential, as is technical excellence. Getting systems to connect and inter-operate requires skill. The topology of the DX project might span public and private cloud infrastructure, on-premises data centers, Software-as-a-Service (SaaS) solutions, and more. A further complication may arise from connecting systems belonging to multiple business entities. Then, there are the users themselves, who may work for different companies, or no company (e.g., contractors). They may be working from home, or at remote sites.

In an environment like this, it is imperative that the organization know who its users are—and can authenticate them across any possible point of access. This is partly a matter of security and compliance, but the requirement also has a lot to do with how all the elements of the DX project are going to function. If end users and administrative users have trouble getting the credentials they need quickly enough, the entire effort may bog down. Identity cannot be ungoverned in such an environment.

Identity Governance and Administration (IGA) and DX
A DX initiative needs a parallel practice of Identity Governance and Administration (IGA). Though it varies from company to company, IGA is a collection of policies and processes that makes it possible to manager users’ identities and assign access privileges in alignment with business strategy, security policies and compliance requirements. It represents a better organized version of the simple access lists and loose identity management rules that have long prevailed in so many organizations.

The need for a culture of identity governance
IGA doesn’t just happen, even in companies that own dedicated IGA solutions. It takes a culture of identity governance for IGA to succeed. What does this look like? Identity governance culture means that the people in an organization, at every level, understand why identity management is important. They get that poor access controls can lead to data breaches and other negative security incidents. They appreciate that the complex system integrations and technological layers of DX need clear identity controls in order to work.

A company with an identity governance culture will embed strong identity management into everyday work streams. People will want to follow processes instead of feeling pressured to—and circumventing them. For example, a bad habit such as password sharing, which might have been tolerated previously, will no longer occur because employees and other stakeholders recognize that it’s a high-risk behavior.

Making an identity governance culture a reality, for today and tomorrow
Building an identity governance culture takes training as well as endorsements from executives who can set an example for everyone else. Tooling is also a necessary foundation for identity governance culture. It’s difficult to change culture without solutions that make it easier for people to follow the rules. For example, an advanced IGA solution can automate tasks like provisioning access to systems. It can handle identity across the entire employee or contractor lifecycle. This way, new users can quickly get to work on their part of the DX project, versus waiting for days or weeks as might have been the case previously. Integrating the IGA solution with IT Service Management (ITSM) systems can smooth this process along. The future of DX is unknown, but signs point to a fast-approaching era where the identity governance culture will need to adapt to an era of convergence among major enterprise systems used in DX. Today’s best-of-breed and point solutions will likely fade away. Traditional IAM vendors, too, are heading into competition from enterprise platforms such as Salesforce and ServiceNow. A strong culture can evolve, however. As circumstances change—and they will—the culture can keep up, ensuring that identity governance remains an essential element of DX.

DX can happen without a strong commitment to building an identity governance culture, but it probably won’t go well. Identity governance is an elemental success factor in DX. The degree of application and data integration required for DX, along with its tendency to connect multiple business entities, make rigorous identity management an imperative. In addition, DX initiatives are not static. In fact, their ability to adapt to changes in the marketplace are one of their main appeals to business strategies. This reality puts further pressure on identity governance to keep up, ensuring that only authorized people can access the underlying systems and data sources. A culture of identity governance will keep identity as reliable part of DX as it inevitably evolves over time.

Featured

  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West
  • Live from ISC West: Day 1 Recap

    The first day of ISC West 2023 is in the books, and it’s safe to say that vendors have brought their A-game to Las Vegas. The booths of this year’s Live From partners—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—were swamped all day long. Here’s a brief recap of just a few highlights from each partner’s presence at the show. Read Now

    • Industry Events
    • ISC West
  • Turn on the AC, ISC West is Hot

    Nothing warm about the Las Vegas weather outside. It is cold, and it was raining after the opening day. No one seemed to care inside the convention center. The hall was packed with inquisitive security professionals. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • Schlage RC reader controller

    Schlage RC Reader Controller

    This new innovative device combines the power of the Pure IP™ access control technology pioneered by ISONAS with Schlage’s intelligent hardware and credentials, delivering a comprehensive and cost-effective perimeter solution to customers. 3

  • Dinkle DKU Barrier Terminal Blocks

    Dinkle DKU Barrier Terminal Blocks

    New DKU screw type terminal blocks use a spring-guided system where the screws are integrated and captive within the terminal enclosure. These screws can be backed out so that ring- or U-shaped cable lugs can be inserted, without the possibility of losing the screw. 3

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3