Identity Governance and Administration (IGA) projects are crucial to properly secure an environment, complete audits, and boost operational efficiency through the audit process. However, legacy Identity Governance projects have a reputation for failure. Gartner identifies that over 50% of IGA deployments are distressed and fail to achieve functional, budgetary, or timing commitments. That statistic is alarming given that the majority of today’s data breaches are rooted in identity. To help teams better understand why legacy IGA projects are distressed, we have compiled data across conversations with identity security practitioners and consulting partners.
These are the top 3 most common reasons Identity Governance projects fail:
1. Starting with Provisioning:
The provisioning phase of an IGA project is the most complex phase to begin with. You have to contend with the immediate integration with all applications, the cataloging of all permissions, roles, groups, and approvers, as well as all the business logic for birthright permissions, what can be requestable, and what the approval workflows look like. It can be months to years before users see the value of this phase, and executive leadership becomes frustrated with the slow progress.
2. Integration Challenges:
Identity governance projects often involve integrating with many existing systems, such as HR systems, directories, business applications, and databases. Failure to integrate these systems can result in gaps in audit reporting, data oversight, over-permissioned users, and difficulties in managing identities and access rights effectively. For legacy IGA solutions, integrations for all but the most popular applications typically require custom development. These development cycles could stretch months to years and add significant professional services costs and frustration to the project. Inevitably, every project ends up with an island of applications deemed too complex to integrate and cast aside. Even after all the investment into a platform, professional services, and internal teams’ time, people are stuck working manually on some applications.
3. Reviewer Resistance:
To complete a user access review campaign properly, an organization needs to gain participation and analysis from application owners and supervisors in the company. This can be a large population of people and include a non-technical subset. If the access review process being implemented is cumbersome and not easy to understand, reviewers can become overwhelmed and fail to complete the process accurately. In some cases, the reviewers do not perform their review at all. This forces the campaign owners to chase these reviewers, leading to wasted labor and frustration for all the people involved.
Understanding these failure points is the first step in moving towards a path that offers greater success.
How to Improve Success Rates and Create Wins: