Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Enterprise ServicesSecurity Leadership and ManagementLogical SecurityAccess ManagementIdentity Management

What Identity Governance is (Not)

By Matt Mills
Security blog default
May 18, 2020

I often catch articles in my newsfeed that are supposedly about identity governance but upon reading the fine print, they invariably wind up being about access management. These articles are all missing the bigger picture – access management is essentially the ‘badge reader’ of identity, the granting of access to the proverbial building. But access is just the beginning, and to be honest, without the intelligence that identity governance provides, access management can become a source of exposure for businesses if done in a silo, without the identity governance ‘brains’ backing it up.

It bears reiterating, then, what identity governance is, and what it is not.

What Identity Governance is (not)

Identity governance historically has come with a reputation of being this complex hard ‘thing’ that most companies will never fully need if they have ‘good enough’ access management in place. But access management is no replacement for identity governance. Identity governance and access management is not an ‘either/or’ scenario, despite what your newsfeed may be trying to sell you on.

And here’s why: without identity governance backing up your access management decisions, you’re opening the business up to potential risk the very moment you authorize a user with access to whatever application or data they’ve requested to do their job. You need the identity ‘brains’ to know that the person authenticating in actually should have access for their role and what exactly that access entails. And ideally, that should happen dynamically, at the time of authentication.

This is where ‘governing’ vs. ‘managing’ access is critical. By governing access, you’re putting parameters around a users’ access. In simple terms, governance would say: Yes, they can enter the front door but they can only access their office, the lunchroom and the elevators. And no, they cannot enter the finance department or payroll or the executive suite. Managing access without identity governance is essentially opening the door and letting users roam the entire building, ungoverned.

What Identity Governance is

Identity governance is intelligent. It knows ‘who should have access to what’ for every single user across the business. It does this by using context (think user location, attributes, job function, current projects, device used, etc…) to determine this. That includes both human and non-human users. And applies to every single application, piece of data and infrastructure that your users have access rights to.

Identity governance is enablement. With identity governance backing up every single identity decision made (e.g. “should access to the HR payroll system be granted to Joe in Facilities?”), the business can run full steam ahead, with the confidence that every access decision is scrutinized and fulfilled by the identity platform but also by being documented with a detailed audit-trail. Add in AI and ML technologies and now you have an even more intelligent identity program that learns your organization’s access patterns and no longer requires a human to make such decisions but rather automates these decisions and accelerates delivery of access and increases overall productivity. The good news is that identity doesn’t have to be complex, it can be simple, autonomous and even predictive today. 

And finally, identity governance is security. Yes, identity IS security. It’s not just about opening the front door, it’s about opening the door with confidence that the person stepping over the threshold not only belongs there but can walk about the areas of the building they need to, but with guardrails around the areas of the building they do not belong.

To my earlier point, identity governance doesn’t have to be hard. Today’s identity governance has come light years ahead of where it once was, or was perceived to be. It’s no longer ‘just’ something businesses use to certify access and to stay in compliance. Identity has become the security foundation of today’s digital enterprise. It can be both your IT wingman and your business accelerator.  Without it, you’re kind of in the stone ages. With it, you can trail blaze new paths with confidence.

 

 

 

KEYWORDS: access control cyber security identity (ID) management

Share This Story

Matt mills sailpoint
Matt Mills is the the Head of Global Field Operations and Chief Revenue Officer at SailPoint Technologies, where he is responsible for driving the company’s strategy and execution on all revenue-connected and customer success aspects of the business while enabling the future of building innovative, effective technology for customers.

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing