CybersecurityPrivacySecurity

Emerging Trends in IAM Part 1: Simplified Engineering

Pierce ChakrabortyJeffrey McDonald
July 25, 2023
6 min read

Workforce hybridization and changes to the centralized nature of business operations over the last few years have sparked a digital reformation in the way IT functions around the globe deliver their services, especially cybersecurity.

Securing key assets and data in a hybrid world has highlighted many challenges for CIOs and CISOs across the board. One of the largest challenges is securing identity and access management (IAM) practices. According to IBM’s 2022 Cost of a Data Breach report, almost 20 percent of breaches in 2022 stemmed from credential misuse and resulted in a $4.35 million loss on average per breach.

This trend has resulted in many organizations beginning (or reimagining) their journey toward building a mature identity program. Leveraging identity governance (IGA), privileged access management (PAM) and access management (AM) tools are necessary steps on this journey to increasing maturity; however, companies that reach this level of maturity are pushing the bar higher to establish IAM as the foundation of security for their organization. We have observed several industry-agnostic trends in the IAM space, and this series of posts will evaluate those key trends that organizations will focus on over the next few years, covering trends such as digital authorization machine identity management (MIM) and passwordless authentication. This first post highlights the increasing need for simplified IAM engineering.

Simplified IAM engineering

An emerging trend in IAM has been the desire to reduce the engineering required to deliver and maintain IAM services. Many organizations have built custom components for their identity environments and while they may satisfy one or all their necessary use cases, these components are often difficult to maintain and come with the burden of an increased manual overhead. Because most IAM teams run lean, decreasing manual overhead is often the number one reason organizations cite to justify improving their identity environment. This trend to reduce engineering is one that technology vendors have been leaning into over the past few years as traditional, on-premise technologies give way to more modern SaaS-based solutions. The transition from highly customizable solutions residing in the data center to best-practice-based SaaS solutions has forced organizations to take a hard look at their processes and policies and challenge the status quo of their identity programs.

The IAM solution space (IGA, PAM, AM, etc.) is full of mature commercial products that execute use cases efficiently and effectively. When we say organizations do not want to “re-engineer” IAM, we mean they would like to look to these tools to manage IAM instead of relying on homegrown systems. This push, along with the ever-present need to deliver cost savings, has led many companies to look to the cloud, specifically SaaS. Many companies across multiple industries are moving away from tools that allow (and often require) more customization and options such as Microfocus, Hitachi, and other cloud-based tools such as SailPoint and Saviynt.

Customization drives a shift in thinking

The trend of IAM leaders moving away from the use of highly customized tools reflects changing attitudes among many IAM professionals. Customization was once seen as a benefit, but increasingly it is seen as a burden. While having the option to do anything may, on the surface, seem to be what every customer wants, in practice too many options can muddy the waters and produce IT environments that are overly complex. Asking business stakeholders and application owners, the question “What do you want to do?” opens a Pandora’s box where teams can talk in circles about what should be deployed without thinking about the overall ROI and potential challenges such customization would produce.

In contrast to this open-ended question, the rigidity of cloud-based IGA solutions acts as a catalyst that provides organizations the opportunity to change business processes that would otherwise remain stubbornly complex. Asking the more specific question, “Should we go with option A or option B?” forces other teams within the IT organization to prioritize what capabilities they really need. Do we really need to pull all these attributes? Is this process overly complex? What is the simplest trigger we can use to drive this provisioning process? These are all questions organizations will need to ask themselves to align business processes to these cloud-based applications.

The time has come to abandon the open-ended whiteboarding sessions of “How do you want this to work?” and yield to the “How can we evolve processes to maximize the capabilities of the tool?” discussion. The simplification of business processes in this manner will ultimately present two major benefits to organizations modernizing their IAM programs.

First, major IGA tool providers are following the business trend of migrating to the cloud. Vendors such as SailPoint and Saviynt are pushing their cloud-based products over their traditional on-prem offerings with consistent and increased investment and development with a focus on closing the gap of feature parity between the two solutions. Choosing a SaaS-based application will not only offload the day-to-day maintenance tasks to the solution provider but will also ensure the organization is not relying on a tool that will receive less development over the long run.

Second, simplification of business processes will allow IAM teams to run leaner with fewer siloes and without fear of institutional knowledge being lost. Establishing sustainable business processes with clear documentation encourages communication between different teams within the organization and will reduce bottlenecks that often slow IT development. In addition, sustainable processes will reduce overhead currently used for maintenance of over-complicated business processes which are more prone to breakage due to an increased number of points of failure.

Ultimately, moving away from highly customized IAM products towards more rigid cloud models could be an effective way to create a more simplified, and more effective, IT environment and business processes.

Read the other blogs in this series: Emerging Trends in IAM – Part 2: Using the Sunlit Approach to Simplify RBAC, Emerging Trends in IAM Part 3: Machine Identity Management and Emerging Trends in IAM Part 4: Going Passwordless with the FIDO Use Case.

Read the results of our Global Technology Executive Survey: The Innovation vs. Technical Debt Tug-of-War.

To learn more about our cybersecurity solutions, contact us.

Pierce Chakraborty

Director
Security and Privacy

View all posts

Jeffrey McDonald

Senior Manager
Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More