We have a lot of conversations with Zilla customers and partners about the importance of our modern approach to identity governance (powered by AI, automation, and purpose-built for hybrid enterprises) and its value proposition in terms of security, compliance and operational efficiency.
An important concept that is fundamental to the business value of identity governance is that of a system of record. Identity governance requires more than just a set of identity processes; it also serves as a historical record of users, systems, identities, accounts, permissions, group memberships, and who did what and when. A system of record isn’t just a source of truth; a source of truth usually refers to the present, while a system of record involves the past and the present.
Why is an IGA System of Record important?
An IGA system of record is used by many governance stakeholders. It helps identity, security, GRC, and audit teams understand the state of access, past and present.
A system of record helps:
- Identity and security staff, application owners, and data owners understand the current state of access, the chain of accounts, group memberships, roles and policies that deliver permissions, and why the current access state is the way it is. This visibility supports provisioning, access request, access review, and rightsizing decisions.
- Security Operations teams with critical insights and forensics based on identity and access analytics.
- GRC teams and auditors, both internal and external, get the right information to assess risk, prove compliance, and complete an audit with optimal completeness and accuracy.
Here are a few examples of what an IGA system of record provides:
- History of entitlements across the enterprise: who had what access, when, and how they got it.
- What happened when: What exactly was collected from an application or directory and when? When did joiner-mover-leaver events occur and what entitlement changes were made as a result? When was an account or group membership or entitlement discovered and was it an approved change? If a change occurred that was not approved, how was it handled?
- Context changes: Often, critical historical business context is lost due to the constant change in an organization as employees leave their jobs or move within the organization. The missing context may include answers to questions like:
  - What is this service account used for? Why does it exist?
  - Why does this third-party have this account or permission?
  - Why was this permission request approved or denied?
  - Why was this permission maintained or revoked as part of an access review process?
- Who-did-what logs: Which stakeholder in an IGA process did what and when?
How does Zilla support this concept of a system of record?
A system of record across all IGA processes requires a well-crafted data repository and automation that constantly maintains data accuracy. Zilla was purpose-built to deliver this system of record. It maintains a history of every entitlement, every identity lifecycle event, every review, every security finding, and every action taken by both IGA stakeholders and Zilla AI.
We’ve taken extra effort to support features such as enabling stakeholders to annotate every review or assignment decision, preserving snapshots of data collection as proof of completeness and accuracy, and filtering audit trails to support security teams. We remain eager to learn from prospects, customers, and partners about new use cases driving a broader and deeper IGA system of record.
If you would like to schedule a demo or a further discussion around this topic, reach out to the Zilla team today.