Identity Governance and Administration
Case Study 3_Technology and Product Review for Identity Governance and Administration
While cyber security attacks are often executed by outsiders, insiders also present a major threat. Insider threats stem from, among other factors, user IDs and privileged accounts. This is particularly true at North-by-East Software, where controls over the issuance and management of user IDs and privileged accounts are considerably weak. The theft or loss of confidential information through insiders can result in disastrous consequences, underscoring the need for identity governance and administration (IGA) software. Indeed, in an ever more complex cyber security environment, the significance of IGA software is now greater than ever before. IGA software provides strong security controls against insider threats by enabling centralised identity management and access control (TechTarget, 2014). More specifically, the software enables privileged identity management, role-based identity administration, as well as identity intelligence. North-by-East needs a strong IGA product if it is to mitigate the threat posed by insiders. The firm requires a product that can effectively ensure least privilege and separation of duties.
IdentityIQ: Features, Capabilities, and Deficiencies
One IGA product that can be used is SailPoint's IdentityIQ. IdentityIQ can be used for identity management in mobile, on-premises, and cloud environments. It provides unparalleled integration with the wider information technology (IT) infrastructure. This integration is enabled by resource connectors incorporated into the base platform. IdentityIQ further enables enterprise users to effectively identify (detect), prevent, and control...
Indeed, detection, documentation, protection, prevention, and
reaction are important pillars of information security. Without providing these aspects, an information security solution may not be effective.
IdentityIQ ensures centralised visibility of all information (applications, data, users, and access), thereby minimising or avoiding the threat of inappropriate access (SailPoint, 2015). Also, with its strong detection and prevention controls, the software ensures access is consistently within the firm's policy. Further, IdentityIQ empowers enterprise users by guaranteeing constant access from any device, including desktops,
smartphones, and tablets. With capabilities for data governance, IT service management, mobile device management, user behaviour analytics, and privileged account management, IdentityIQ enables customers to make more informed security decisions in an increasingly complex security environment (SailPoint, 2015). These capabilities are supported by the software's unique features, including strong application program interfaces (APIs), a provisioning broker that readily integrates with third party applications, as well as unmatched analytics tools (Kannan, n.d.).
With its outstanding identity management capabilities, IdentityIQ has received fairly high user ratings, scoring 3.7 to 4.3 out of 5 in the categories of
evaluation and contracting, integration and deployment, service and support, and product capabilities (Gartner, 2017). Users have particularly reported positive experiences with the software's pricing, flexibility, quality, and functionality. In addition to its robust cyber security capabilities, IdentityIQ enables enterprise users to minimise the cost of identity administration. Without…
