KuppingerCole Report
Whitepaper
By Martin Kuppinger

Identity Governance. The Value of Leveraging IGA Functions from the Cloud

With IT functions gradually shifting to the cloud, it is time to rethink the way supporting infrastructure and platform services such as IGA (Identity Governance and Administration) are implemented. While solutions running on premises, but also supporting cloud services were the norm until now, running IGA as a service, with support for the hybrid reality of IT infrastructures becomes the adequate solution.
By
mk@kuppingercole.com

Content of Figures

  1. Figure 1 Current IGA is primarily focused on static entitlements and SoD (Segregation of Duties) for financial risks, but doesn't cover all business-relevant access risks
  2. Figure 2 IGA as of today focuses on static entitlements of on premises applications. However, access risks derive from all applications, and beyond access risks. Future IGA has to expand its focus.
  3. Figure 3 Microsoft EMS (Enterprise Mobility + Security) provides an integrated solution, well-beyond the traditional focus of IGA.

Commissioned by Microsoft

1 Introduction

IGA (Identity Governance and Administration) is one of the core disciplines of today’s IAM (Identity and Access Management). IGA factually is a comb ...

Login Free 30-day Select Access Get full Access

2 Highlights

  • Identity & Access Governance’s shifting focus from on premises first to cloud first, supporting all types of services
  • The need for Identity & Acce ...
Login Free 30-day Select Access Get full Access

3 Identity & Access Governance: More than on premises, more than Least Privilege

IGA has to support the entire breadth of today’s IT infrastructure and business applications. With the shift to the cloud, the focus is shifting fro ...

Static entitlements only define which access is allowed or not, but don’t address which access factually happens. There are various situations of fr ...

Login Free 30-day Select Access Get full Access

4 The new focus of IGA: Entitlements, Devices, Access

IGA must support all types of services, regardless of the deployment model. IGA must support all types of users, from employees to consumers. IGA must ...

However, it does not deal with other challenges such as

  • insecure devices that e.g. carry malware
  • attacks that run in the context of users, via s ...
Login Free 30-day Select Access Get full Access

5 The solution: Integrated IGA from the Cloud

Running IGA from the cloud delivers best support for today’s cloud-centric IT infrastructures. It also allows for orchestrating various security ser ...

Login Free 30-day Select Access Get full Access

6 The Microsoft approach on IGA from the Cloud

Microsoft Azure AD Identity Governance is a set of capabilities for delivering IGA from the cloud. It integrates with other Microsoft Azure based secu ...

For managing the identity lifecycle, Azure AD delivers a set of capabilities. Users can be managed directly within Azure AD. Azure AD also supports fl ...

Login Free 30-day Select Access Get full Access

7 Action Plan for implementing IGA as a Service

IGA should become a service. This shouldn’t be simple a tools choice, but part of revisiting the IT strategy, the IT security strategy, and the IAM ...

Login Free 30-day Select Access Get full Access

8 Related Research

Advisory Note: Redefining Access Governance - Beyond annual recertification - 72529
Advisory Note: Working to the Business not the Auditors - 70865
Leadership Compass: Identity as a Service: Single Sign-On to the Cloud (IDaaS SSO) - 71141
Leadership Compass: Identity as a Service: Cloud-based Provisioning, Access Governance and Federation (IDaaS B2E) - 70319
Executive View: Microsoft Azure RMS - 70976
Executive View: Microsoft Azure Stack - 72592
Executive View: Microsoft Advanced Threat Analytics - 71554
Executive View: Microsoft ADFS: Active Directory Federation Services - 71126
Executive View: Microsoft Azure Blockchain Services - 71332
Executive View: Microsoft Azure – Security and Assurance - 71282
Executive View: Microsoft Azure Active Directory - 71550
Executive View: Microsoft Azure Information Protection - 72540

Copyright

©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.

top