Modern IGA as a System of Record

By Deepak Taneja | Nov 14, 2024

We have a lot of conversations with Zilla customers and partners about the importance of our modern approach to identity governance (powered by AI, automation, and purpose-built for hybrid enterprises) and its value proposition in terms of security, compliance and operational efficiency.

An important concept that is fundamental to the business value of identity governance is that of a system of record. Identity governance requires more than just a set of identity processes; it also serves as a historical record of users, systems, identities, accounts, permissions, group memberships, and who did what and when. A system of record isn’t just a source of truth; a source of truth usually refers to the present, while a system of record involves the past and the present.

Why is an IGA System of Record important?

An IGA system of record is used by many governance stakeholders. It helps identity, security, GRC, and audit teams understand the state of access, past and present.

A system of record helps:

  • Identity and security staff, along with application and data owners, understand the current state of access, the chain of accounts, group memberships, roles and policies that deliver permissions, and why the current access state is the way it is. This visibility supports provisioning, access request, access review, and rightsizing decisions.
  • Security Operations teams gain critical insights and forensics based on identity and access analytics.
  • GRC teams and auditors, both internal and external, get the right information to assess risk, prove compliance, and complete an audit with optimal completeness and accuracy.

Here are a few examples of what an IGA system of record provides:

  • History of entitlements across the enterprise: who had what access, when, and how they got it.
  • What happened when: What exactly was collected from an application or directory and when? When did joiner-mover-leaver events occur and what entitlement changes were made as a result? When was an account or group membership or entitlement discovered and was it an approved change? If a change occurred that was not approved, how was it handled?
  • Context changes: Often, critical historical business context is lost due to the constant change in an organization as employees leave their jobs or move within the organization. The missing context may include answers to questions like:
    • What is this service account used for? Why does it exist?
    • Why does this third-party have this account or permission?
    • Why was this permission request approved or denied?
    • Why was this permission maintained or revoked as part of an access review process?
  • Who-did-what logs: Which stakeholder in an IGA process did what and when?

How does Zilla support this concept of a system of record?

A system of record across all IGA processes requires a well-crafted data repository and automation that constantly maintains data accuracy. Zilla was purpose-built to deliver this system of record. It maintains a history of every entitlement, every identity lifecycle event, every review, every security finding, and every action taken by both IGA stakeholders and Zilla AI.

We’ve taken extra effort to support features such as enabling stakeholders to annotate every review or assignment decision, preserving snapshots of data collection as proof of completeness and accuracy, and filtering audit trails to support security teams. We also remain eager to learn from prospects, customers, and partners about new use cases driving a broader and deeper IGA system of record.

If you would like to schedule a demo or a further discussion around this topic, reach out to the Zilla team today.

Author

    Zilla Security Co-Founder, CEO & President Deepak Taneja is an entrepreneur and security expert with extensive experience founding and leading enterprise software companies. Deepak has been at the forefront of innovation in identity management for over 25 years.

    His vision for Zilla is to secure the enterprise by automating the management of permissions to all applications and data. Prior to Zilla Security, he founded and led Aveksa, a pioneer in identity governance, and was CTO at RSA Security after Aveksa was acquired by RSA.

    Previously, as CTO for Netegrity, he led the evolution of SiteMinder into an industry-leading web access management platform. An avid supporter of technology entrepreneurship, Deepak has served as a board member and advisor to several successful startups. Deepak holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.
