Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Effectively evaluating identity governance solutions

By Nick Barfield
data-enews
December 10, 2020

Enterprises are grappling with increased complexity as cloud adoption increases, the perimeter expands, and digital transformation projects take hold. The accelerated shift to remote working has only added to the complexity. As more businesses leverage hybrid IT environments in their digital transformation journey, many confront challenges managing identities and access across multiple applications, clouds, networks and servers.

With increased complexity comes an accelerated need to put strong identity governance in place. But this can be difficult to navigate – and can seem a costly nuisance when not done right, especially as many organizations are dealing with legacy systems that can’t meet future needs.

Once you’ve realized that you need an identity governance solution in your organization,  how do you embark on this initiative? The selection process can be a costly, drawn-out and ineffective exercise, if not planned and executed carefully. Below are best practices for evaluating an identity governance solution and choosing the right partner for rapid, cost- effective success.

 

Challenges: Budget, TCO and time to value

Identity governance solutions have to work overtime in the wake of digital transformation. It is critical for organizations to consider the new demands of administration, monitoring and control of user access before migrating to the cloud. Digital transformation inevitably means more mobile devices and transactions. It requires access to be granted anywhere, any time, leading to new polices and legislations that need to be supported.

Budget concerns are always a major issue – security is like insurance in that it can seem expensive until you need it. And because of this, it can be tough for CISOs to make the business case for identity governance in comparison to other projects with a seemingly more immediate and hard ROI.

To ensure quick implementation, many organizations are looking at full-featured, cloud-based identity governance and administration (IGA) solutions. Even those organizations that start off with an on-premises solution must ensure that their vendor of choice has a clear and frictionless route to the cloud when the time is right.

 

How to evaluate and prepare for IGA

Regardless of the different factors complicating the situation, identity governance is something organizations must take seriously, or they run the risk of data breaches, compromised information and the fines. That’s not mention the potential legal and reputational ramifications that inevitably result. But not all solutions are the right fit for your organization’s unique needs; in fact, Gartner’s Critical Capabilities for Identity Governance and Administration Report found that about half of current IGA deployments are in distress. Examining a few key areas during evaluation of solutions can go a long way to helping prevent your deployment from going south.

Scalability is essential. If a solution can’t expand and meet the future needs of the business, it will end up being more of a problem than an answer. When you make the investment in an IGA solution, pick one that doesn’t hamper agility and growth.

Another critical factor is time to value. You want a solution that will deliver in the shortest period of time – not one that gets your project lost in set up and endless planning. For an enterprise cloud deployment, your chosen IGA solution should deliver value in under 12 weeks.

And then there’s the matter of configuration, not customization. In the past, many identity governance and IT implementations have been more about bending the tool to the organization, and there is now a real appetite to reverse that. Configuration and process alignment to best practices will dramatically reduce total cost of ownership.

Once you’ve decided to deploy a new, modern IGA solution, it’s important to take certain steps to ensure success. Analyze where your organization currently is in terms of identity governance. Then, consider where you want to be. Finally, evaluate how can get there and who with. This will be essential to determining how you can close that gap. You need to understand where you are on the journey and what you need to do to take the next steps.

 

Ensuring successful deployment

Make sure to adopt a best-practice process framework, which will include the most important processes needed to ensure a successful IGA deployment. These include:

Access Management: Look for a solution that supports automated provisioning and de-provisioning of users’ access. Features that allow automated provisioning and assignment of access rights via rules and policies enable quick roll-out of access to new business applications.

Identity Lifecycle Management: A best practice solution controls employee, customer and partners’ lifecycles. It manages employees’ or contractors access rights as they join the company, change roles and leave the company.

Emergency Lock-out: If there is an identity security breach, the administrator can perform an emergency lockout to suspend all accounts associated with a compromised identity. Once the situation is contained and any access violation has been mitigated, the administrator can reactivate access.

Aligning with Business: Policies, roles and contexts can be designed to accurately model and reflect the business structure. There are automated processes for onboarding of new applications as a virtual resource, including providing meaningful business descriptions and setting default access rights based on the existing policies.

Streamlined Administration: Managing passwords, applications and systems ensures the smooth onboarding of business systems so they can be brought under management in the IGA system. Look for a solution that enables easy password reset without helpdesk contact, with synchronization of passwords across all connected applications so users only have one password to remember.

Governance: Strong governance secures validation and approval of the current state of identities, account ownerships and resource assignments. It enables easy-access review, cross-system reporting and analysis. Make sure you can define and manage segregation of duties (SoD) policies, including toxic combinations of access rights. Look for the ability to classify data types, as this improves management of and reporting on systems that contain business-sensitive or GDPR-critical data. The data classification features improve general management and oversight of data assets and enable fact-based conclusions and decision-making.

 

Choosing well

Complexity is only increasing in our digitized world. So is cybercrime, with identity theft a perennial favorite. Cloud deployments make IGA a critical business necessity to safeguard data, remain compliant and avoid steep fines from regulatory bodies. It can be tricky to navigate the field of identity governance solutions, as they can become money- and time-consuming with a low time to value and a high TCO. Use the best-practice recommendations noted above to help with your due diligence process and ensure success with your IGA project. Modern IGA solutions today offer full-featured IGA, that is cloud native, enterprise ready and can be deployed rapidly.

KEYWORDS: cyber security digital transformation identity governance security budget

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Nick Barfield is Chief Revenue Officer at Omada.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber-frame

    If Michael Jordan is zero trust, then identity governance is Scottie Pippen — Why cybersecurity is a team sport

    See More
  • erp-freepik1170.jpg

    7 essential capabilities to consider when evaluating ERP security, risk and compliance solutions

    See More
  • Identity governance initiatives at your enterprise

    Three reasons why identity governance projects fail

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing