Using Attributes as a Key Business Enabler in Identity Governance and Administration (IGA)
Posted by: GuidePoint Security
Published 10/11/2021, 9:00am
In addition to supporting a more secure environment, identity and access management (IAM) can deliver business value and help meet business objectives.
This blog will examine how applying an attribute-based approach to an identity governance and administration (IGA) program can help meet current and future business needs and reduce time to value.
What are identity governance attributes, and why define them?
Attributes are keywords derived from stakeholder requirements based on needs, values, objectives, or priorities. Taking time to understand each business group’s needs early in the identity program implementation process and then defining attributes ensures commitment and buy-in from all business groups.
Defining Identity Governance Attributes and Stakeholders
Every business has stakeholder groups that range from executives and managers to specific teams like compliance and risk management. Attributes for each group can vary as follows:
- Executives & Program Sponsor Stakeholders and Attribute Examples—Includes C-suite employees and program sponsors (e.g., executives and senior management). Attributes for these groups include things like reduction in operational costs, return on investment, support for business growth, and improved productivity.
- End-user Computing Stakeholders and Attribute Examples—Includes end-user computing stakeholders. Attributes include accessibility, accuracy, and self-service.
- Manager Stakeholders and Attribute Examples—Defined as the members of the management team that are responsible for reviewing and approving or rejecting user access. Attributes include things like automation, maintainability, governance, and cost-effectiveness.
- Operations Stakeholders and Attribute Examples—Includes the business teams that support IT operations, organizational change management (OCM), service desk, or human resources (HR). Typical attributes include availability, interoperability, and standardization.
- Risk Management Stakeholders and Attribute Examples—Risk management stakeholders include business and IT risk departments. Attribute examples include assurable solutions, auditability, certifiability, compliance, and automated remediation.
- Compliance Stakeholders and Attribute Examples—Compliance stakeholders include members of the legal or compliance teams. Attributes important to this group include compliance, enforceability, reporting and analytics, and admissibility.
- Enterprise Architecture Stakeholders and Attribute Examples—Stakeholders that support enterprise architecture efforts need to work closely with business teams to define solutions. Key attributes include flexibility, scalability, standards compliance, and out-of-the-box integrations.
Using Attributes to Manage an Identity Governance and Administration (IGA) Program
With attributes defined, it is crucial to put a governance framework in place to support the creation of an IGA capability and address each attribute. The framework aids in the development of a prioritized plan for implementing capabilities to address attributes. In addition, it identifies and defines stakeholder categories, establishes processes for each stakeholder group, and helps to focus on attributes of interest during cadences.
There are usually two governance stakeholders within a governance framework—the steering committee and the key influencers. There is also an IGA Implementation Team that serves as the attribute custodian, and finally, there is a Critical Support Team that provides support functions.
- Steering Committee—Composed of the Executive & Program Sponsor and Enterprise Architecture stakeholder groups. Sets the direction of the IGA team by assigning priorities, addresses any escalations from the IGA team, clears roadblocks, and allocates additional resources.
- Key Influencers—Composed of remaining attribute-contributing stakeholder groups (Compliance, Risk Management, End-user Computing, Operations, and Managers). Provide key IGA process requirements and participate in program-level decision-making.
- Critical Support Team—Includes HR, the service desk, organizational change management (OCM), and infrastructure support. This team oversees information sources that seed identity data, communicates across the organization, creates training materials, and supports infrastructure.
- IGA Implementation Team—Includes the delivery lead, IGA architect, IGA consultant(s) and the IGA business analyst (BA). Reports to the steering committee and serves as the custodian of all the attributes. Accountable for addressing all the attributes derived from business requirements based on priority. Also engages with the key influencers to provide updates on attributes.
By applying the critical factors associated with identity governance and putting a framework in place to continually govern the program, organizations can mature their identity governance program and position it to support business objectives and deliver value.
To learn more about an attribute-based approach in identity governance, read our in-depth white paper: Delivering Business Value Through a Well-Governed Digital Identity Program.