One of the big challenges that virtually all Identity teams struggle through, is in managing business roles which are used to speed the provisioning of new users. Recent research indicates that 90% of all organizations either struggle with the efforts to define and maintain roles or they haven’t even defined roles due to the known effort required to manage them.
While legacy IGA solutions have added tools over the years to help with the role mining process, none have eliminated the core challenge of roles, which revolves around the centralized definition of roles amongst the distributed users that understand the specific context of the roles and applications they’re responsible for.
Zilla’s modern IGA approach is unique, in this regard, by leveraging the concept (and power of) pre-approvals to define job-appropriate access to bypass the challenges of roles management. And Zilla further applies these pre-approvals to both provisioning and user access review processes. As a result of using Zilla’s AI-based pre-approvals, customers have found that they’re able to pre-approve 75% of all permissions that would otherwise need to be approved and reviewed. That’s right, you read this correctly. 75% (or more) of all permission grants can be pre-approved without the efforts and headaches of defining and maintaining roles.
To illustrate the difference that this approach makes in terms of time, effort, and accuracy, it can be helpful to explore the broader concept of pre-approvals; we can then discuss how pre-approvals make a huge difference for identity governance strategies.
How Do We Use Pre-Approvals Today?
Generally speaking, pre-approvals offer value to both the approval body and to the entity in need of approval. There are many examples of pre-approvals in our society, with varying levels of benefit. Let’s explore some of the most common areas of pre-approvals:
- Home mortgages: Pre-approvals are a required component of a home search. Mortgage pre-approval helps buyers constrain their search to properties that they will realistically be able to secure a mortgage for; similarly, the pre-approval gives sellers the confidence that a buyer is serious.
- Credit card pre-approvals: Who hasn’t been annoyed by receiving a direct mail flyer or email with an “exclusive offer” informing you that you’ve been pre-approved for a certain card? These pre-approvals do offer value, though. They speed the application process and act as an early guardrail for the lender and consumer about a potential spending limit.
- TSA Pre-Check and Global Entry: For the impatient traveler, security pre-approval via TSA Pre-Check or global entry promises speed and efficiency in the airport.
What Happens Without Pre-Approvals?
In all of the above examples, pre-approvals aren’t required to complete the process, but they do make it flow more efficiently and provide increased security. For example, can you imagine accepting an offer on a home from a buyer without a pre-approval and taking it off the market, only to discover weeks later that the buyers can’t actually afford the home or secure a loan for it?
In the TSA example, pre-approvals bring additional governance into the security clearance process in the airport. If there were a fast-track airport security line that was only overseen by the personnel on shift that day, how much higher would the risk be of an agent “rubber stamping” a traveler with a risky item, just because they were lost in the shuffle of a sea of travelers?
Instead, there are well-documented and expected processes of pre-approval for both prospective home buyers and for airport travelers who don’t want to remove their shoes and large electronics. It makes these tedious processes easier and more efficient. And, it reduces the risk of human error, like a single security agent who looks away from a scan screen for a few seconds.
Why shouldn’t the same pre-approval driven efficiency exist for the tedious but predictable headaches of provisioning access throughout the employee lifecycle?
Pre-approvals from the right application or business owner, with the right context, can save significant time and headaches on the part of IT when it comes to provisioning, and this is exactly the benefit that Zilla AI Profiles™ offers.
Reviewing Access is Tedious
In the world of identity governance, there are a few areas where determining access can be painful and time-consuming:
- User Access Reviews: Business owners (usually application owners or supervisors) must review every permission for in-scope applications, often as frequently as quarterly, to ensure that access is appropriate. This can amount to thousands of permissions that must be re-reviewed on a regular basis.
- Provisioning new access: Whether it is determining job-appropriate access for a new employee or reviewing access requests for an existing employee, access request tickets can be overwhelming, especially for IT teams who do not have the context to make access decisions about applications across the enterprise. In order to resolve the ticket, IT needs to chase down the application owner to determine whether the access request is reasonable, and then grant the access.
Too often, the result of these overwhelming access reviews and requests is that reviewers and approvers “rubber stamp” the access, simply out of access fatigue. The impact of doing so can result in not just the granting of inappropriate access, but audit failures or an identity breach driven by overprivileged access.
AI Enables Pre-Approved Access
This is where Zilla’s concept of pre-approved access is a lifesaver. Zilla’s machine learning uses the existing access estate to understand job-appropriate access based on an employee’s existing attributes and application entitlements. It then builds profiles, which are a very granular representation of all of the access in an organization, and presents them to the correct business owner for approval. Once the profile is approved, that approval is documented and it can be used to “pre-approve” access for new members of the organization. The automation around the use of AI to propose profiles and the tightly integrated business workflows for approving and managing profiles makes IGA processes much easier — at least 75% easier.
The risk of rubber stamping is eliminated by this process, and the results have been fantastic – in many cases, the number of permissions requiring manual review decreases by 75%. For provisioning, time required to provision a new employee is much faster, because AI Profiles inform birthright access for new employees.
Pre-Approvals: Where Efficiency Meets Security
From mortgages to TSA PreCheck, pre-approvals save time and reduce errors. Zilla brings that same clarity and efficiency to identity governance via our AI-powered pre-approvals that automate user access reviews and speed provisioning for employees.
Want to see pre-approvals in action? Schedule a demo with our team today, and don’t miss our upcoming webinar on how AI and pre-approvals help define and maintain business roles.