Select Page

A new lens for IGA

by | Aug 22, 2023

This year, it’s been fun to get out of the office and meet in-person with customers, prospects and partners. Since many recent conversations have been about how identity is taking center stage in IT and security circles, I wanted to share my thoughts on the changes driving Identity Governance and Administration (IGA).

Identity security is now business-critical

From an IT perspective , the word “governance” implies a notion of processes that are effective and efficient in enabling organizations to achieve their IT goals. The IGA market originated in a pre-cloud era – more on this in my earlier LinkedIn post, “Why enterprises struggle with legacy Identity Governance & Administration”). As the founder of Aveksa, the first company in the IGA space, I remember well the business drivers that led to its birth. Back then, we needed efficient processes for two key IT goals: identity compliance, and identity administration. Those same needs remain today, but identity has become substantially more business critical.

Today, rapid cloud adoption and digital transformation are reshaping perspectives on identity. Identity is now recognized as both the new security perimeter and a critical security vector in the software development lifecycle. Yet, not only do the legacy IGA suites remain hard to deploy, let alone scale with the cloud, they fail to address the challenge of identity security. The old IGA suites were designed for identity compliance and identity administration, not for security. Their notion of “governance” doesn’t include processes that deal with the new identity security reality. Rather than adapting their products to this reality, the only thing that IGA vendors have changed is their marketing taglines.

Siloed solutions don’t solve a holistic problem

Unfortunately, identity security can’t be simply bolted on to your legacy IGA solution. Since identity is a holistic issue that spans on-prem, SaaS, and cloud infrastructure, it must be dealt with through a single control point. Identity-centric feature sets like CIEM and SSPM are red herrings! (More on this in my blog, “SSPM and CIEM are valuable feature sets, but do you really want a patchwork of identity security?”) Siloed solutions don’t solve a holistic problem. The customers I’ve spoken with over the past two years are looking for a comprehensive solution that takes the IGA paradigm to the next level and embraces identity security.

Identity security is not merely about helping security teams see who has access to what – it’s much more than a visibility issue. Organizations today don’t have the manpower to identify risks by watching dashboards, running daily reports, or, as some vendors would have you believe, to trudge through graph database visualizations of thousands of user entitlement chains. Comprehensive visibility into access is, no doubt, very useful. But security teams lack the manpower to get by on visibility alone. Identity and access gaps need to be detected and plugged proactively through automation, not manually by security staffers through graph visualizations or once a quarter during an access review process.

You need a single solution that is:

  • woven into your DevSecOps practices
  • automatically removes a terminated employee’s permissions across the enterprise
  • catches a threat actor’s privilege escalation
  • alerts you when a third-party gets privileged access to your sensitive Snowflake data
  • enforces business justifications for risky SaaS-to-SaaS API integrations

and so much more!

Cloud scale and complexity demand policy-based automation. They demand effective processes that use policies to continuously monitor the attack surface for identity risks, and enable remediation workflows. What organizations need is a security practice based on these processes.

We, at Zilla Security, see IGA through a new lens, a lens with a focal point that delivers efficient and effective processes for identity security AND identity compliance and administration.

To learn more and see how Zilla’s policy-based automation and 500+ integrations make identity security easy, contact us.

Author

  • Deepak Taneja

    Zilla Security Co-Founder, CEO & President Deepak Taneja is an entrepreneur and security expert with extensive experience founding and leading enterprise software companies. Deepak has been at the forefront of innovation in identity management for over 25 years.

    His vision for Zilla is to secure the enterprise by automating the management of permissions to all applications and data. Prior to Zilla Security, he founded and led Aveksa, a pioneer in identity governance, and was CTO at RSA Security after Aveksa was acquired by RSA.

    Previously, as CTO for Netegrity, he led the evolution of SiteMinder into an industry-leading web access management platform. An avid supporter of technology entrepreneurship, Deepak has served as a board member and advisor to several successful startups. Deepak holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.

    Connect with Deepak via LinkedIn.

Recent Posts

Sisense Breach – Stealing a Valet Lockbox

The breach of Sisense last week represents one of the most dangerous breaches of this year, and potentially longer. It’s not because of what data was exfiltrated directly from Sisense…