By André Facciolli, CEO of Netbr
We are experiencing a rapid change of vision regarding the role of digital identity in the context of information environments, as well as in the way of facing the conformation of identity in resource management processes and cycles of access to IT data.
In order not to have to go down to a tangle of issues, let's say, in a nutshell, that such a change translates into the evolution of control practices in the creation of identities and their technical rules of attribution. This evolution transfers these elements to a higher and more comprehensive level; a level where identity policies are now addressed in their direct relationship with applications and business.
In a historical retrospective, we can see that the first technological wave sought to resolve identity control through the provisioning of user accounts, which was called "Identity Management" (or IdM -identity Management). Then, we move on to a model in which the rules for the distribution of the attributes of identities are also managed, thus constituting the "Identity and Access Management" (or IAM - Identity and Access Management) environment.
Once this concept was consolidated, we finally evolved into a model that the jargon of the compliance and risk management industry calls "Governance and Identity Management" (or IGA - Identity Governance and Administration).
The main difference between these views is that the IdM / IAM model results from the gradual and constant updating of user account provisioning practices and treatment of its attributes and rules, with a minimum of self-service.
The current vision of Governance (with its reconciliation functions) represents a new approach to the problem of identity and access, now much more overlapped in business, and with a focus on efficiency, operation and risk.
The reason we treat this as an advance is because IGA-based processes assume the creation of a new layer of diagnosis, planning, supervision, command and documentation that will interact with all existing technical models: provisioning, attributes, rules and permissions.
This layer has, under its command, the policies of certification, attestation, compliance and the management of requests (or processes) of access by the identities.
All of this, always according to the business guidelines and risk mitigation, and always with a level of agility compatible with the current requirements of the business.
The traditional virtues of IdM / IAM already represented a certain achievement. They allow the user's rights to be managed and allocated automatically, based on predefined function maps, which is not at all negligible.
However, despite providing a high degree of accuracy and security, this model has the disadvantage of being slow to implement, often taking years to complete in its entirety.
As a result, after their completion, it is common for such function maps to no longer remain reliable, due to the rapid changes by which the business is changing. This created a sense of unfinished and sometimes costly and overly manual design.
In the Governance proposition, in turn, identity platforms include functions that go far beyond automation and monitoring of authorizations and access control. The IGA, once implemented, starts to respond to much more complex needs, such as: that of auditing; that of business intelligence in the identity cycle, that of implementing the dynamic management of identities and accesses (always in line with the business context) and that of permanent supervision of the application of compliance rules.
And it is important to emphasize that this level of response from the IGA extends across all dimensions, increasingly plural, of identity, be it a human user or non-human accounts, such as, for example, a system component that interacts with applications , resources and databases (privileged access).
Thus, in harmony with the investments made in IdM and IAM, the typical IGA platform is aimed at strengthening security and control of risk exposure.
The provisioning automation, something already foreseen in the early days of IAM, now has the analytical capacity of fast and complex data, as is necessary in the cloud, big data and unstructured data environment. And all of this with a much more palpable return on investment.
This analytical intelligence is also useful, on the other hand, for the timely activation of controls for proactive cyber security actions, such as the identification of data breaches throughout the typical process of an external invasion (including recognition, infiltration, exploration and extraction phases).
We have therefore reached a level of functionality that some have equated with the "shopping cart" of an ecommerce portal, or a "customer relationship" system, or an ERP; or, finally, to a business system powered by data intelligence, fast processing and application of strict, but self-evolving rules.
Thus, we start from a level in which identity management - an ancient and, for many, complicated discipline - now assumes a much more relevant position in business strategies. It now occupies an operational dependency that we think is appropriate to call the "Security Center".
Thus, the IGA has become mandatory in a world in which information tends to lose its form, place, means of propagation and ways of accessing and using it. And in a world in which the speed of deliberations (and, therefore, access authorizations) needs to accompany the extreme speed with which business information travels throughout the organization. Let's get ready now for a new wave: Assignment Governance.
EN 
PT 
