Traditionally, Identity Governance and Administration (IGA) solutions are known to help organizations improve their compliance and audit performance. But for companies looking for a solution that includes cloud platforms and SaaS services with fast time to value, legacy IGA solutions may not be the best approach. In this article, I will discuss why traditional IGA services fall short. And why it’s time to reassess and take a new approach that can save you a lot of time, money, and pain down the road.
Legacy IGA vendors always crow about how highly they are rated by Gartner. What they avoid talking about is that, according to Gartner an estimated 50% of IGA deployments are in distress — that is, they have failed to achieve functional, budgetary, or timing commitments.
So why are organizations so unhappy with the IGA solutions they have purchased?
The answer lies in the history of IGA, the design center of most solutions, and the lack of innovation from leading vendors in recent years.
The IGA market started in the mid-2000s, not as Identity Governance and Administration, but as just Identity or Access Governance. It was driven primarily by regulatory compliance. In the wake of the dotcom bust of the early 2000s, regulations grew by leaps and bounds, and enterprises struggled to support SOX, PCI, HIPAA etc. A critical control every regulated enterprise needed, was user access reviews. Every single identity governance deployment started with a focus on automating access reviews and compliance reporting.
Meanwhile, the growth of on-prem business applications made the lifecycle management of user access a headache. With operational efficiency in mind, IT leaders were exploring automated provisioning and access management based on business roles. These features started to merge into governance platforms, complicating them and turning Identity Governance into what is known today as Identity Governance and Administration.
More isn’t always better
Unlike access reviews, however, which were a “must-have” — and continue to be a “must have” today — business roles and automated provisioning across the enterprise needed to prove their ROI and often failed to do so. Creating roles is easy but maintaining them using most IGA solutions is a nightmare! And without good business-driven logic that adapts to a constantly changing IT environment, automated provisioning has weak legs. To make matters worse, legacy IGA vendors included ancillary IAM capabilities such as SSO, Password Reset or privileged access management, as part of their platforms, further increasing the complexity of their offerings.
On-prem…or truly SaaS
Leading IGA vendor solutions have historically been on-prem systems that IT has run on application servers and relational databases servers – a painful deployment and maintenance process that many organizations endure to this day. Vendors have tried to “lift-and-shift” their offerings into AWS or Azure clouds, but the cloud-hosted transplanted offerings aren’t native SaaS, and fall well short of their on-prem brethren in terms of functionality,
Never-ending professional services
Extracting entitlement data from hundreds of business applications has always been a challenge. Historically, entitlement data from on-prem apps was collected primarily through file exports. Some apps had custom APIs which required developers to build custom API connectors. Security teams lacked the context to make semantic sense of data exports, and IGA vendors failed to make integration and customization simpler. IGA solutions also failed to help large enterprises deal with the organizational complexity of access review processes. As a result, IGA deployments became professional services oriented.
Every deployment became a heavy lift. Implementations took years and needed costly professional services consultants to; maintain application and database servers, onboard apps with curated file exports, code API connectors, coordinate data imports with app owners, and implement process changes. Every new app became a thorn in the side of the IT team!
The cloud changed everything
While IGA platforms were taking ever longer to deploy and often stalling after a few apps, rapid cloud adoption was transforming IT. Today, cloud infrastructure, cloud databases, SaaS apps, DevOps pipelines, DevOps security, cloud scale, and agility are all at conflict with the complex, slow, professional services centric approaches that most IGA vendors espouse.
Here are some of the challenges we hear daily in our conversations with CISOs and CIOs.
- IGA deployment costs and complexity are out of control and way over budget.
- Vendors pay lip service to automation.
- Most deployments require sizable professional services teams for years.
- Connectors are limited to popular SaaS apps. Supporting other SaaS apps or homegrown cloud-native apps that store sensitive data is a costly development exercise. Vendors have no solution for the hundreds of cloud apps that lack both security APIs and file export capabilities.
- IGA deployments struggle to support cloud platforms like AWS, Azure and GCP, and databases like Snowflake and Databricks. These systems have access models too complex for the core functionality of most IGA solutions.
- “Convergence” is a pipe dream. Vendors sell the promise of “convergence” with suites that include; access reviews, role mining, identity lifecycle management, and sometimes SSO or privileged access management. But deploying access reviews alone with one of these converged suites takes years!
- IGA solutions do little to automate security remediation for identity threats and the cloud has made identity a critical security vector.
So where does that leave organizations that are rapidly moving to the cloud, and yet hoping to sail through their IGA journey or save themselves from identity and access exposures? They need to re-assess their investments and take a fresh look at the space.
The cloud and digital transformation demand a new and simplified approach. At Zilla Security, we see IGA evolving into a new Identity Security Platform that embraces cloud and hybrid IT environments. Organizations today need a SaaS platform that’s simple to use, comprehensive in coverage of services and apps, automated, self-learning, and built for cloud scale. Most importantly, companies should be able to easily on-board all of their apps and services. That’s what Zilla delivers.