Identity intelligence – which can be seen as the twin brother of identity governance and administration’s – is surrounded by a lot of myths, some of which are very persistent. Those myths can be dangerous, in the sense that they might lead to wrong decisions, which could bring serious business risks and inefficiencies. In other words, businesses need to see through them to ensure efficient and secure management of all identities and their access.
Identity governance is what you really need, while identity intelligence is merely the icing on the cake
This is definitely a wrong assumption. In fact, it is wise to take care of identity intelligence even before commencing governance activities such as provisioning. In practice, this is not yet widely used, but the sooner identity intelligence work can start, the better.
There are several reasons for this. The first is that, when your administrative data is not 100% accurate and/or up-to-date, provisioning will inevitably lead to wrong decisions and thus to wrong access assignments. For instance, certain staff members will be granted more access rights than they actually need, which is a risky situation.
Then there’s the legacy factor. Even if your current governance approach is (close to) perfect, there might still be threats lurking under the surface originating from a period where governance was less developed in your company then it is today. Similar threats might occur when your company takes over another company or when entities of your company – think about applications, departments, … – are merged.
In any case, visibility in the situation is essential to make the right decisions and this not only with regard to governance activities but also with regard to other future IAM investments.
Software suites that are designed for identity governance and administration often include a few basic capabilities for identity intelligence, but lack the necessary sophistication and nuance that are needed to do this properly. Besides, they’re often too complicated and overly technical for business users. Furthermore, implementing provisioning, and especially automated provisioning, demands for a long lead time. In general, this will take between 12 months and three years.
‘I have spreadsheets, so I don’t need identity intelligence tools’ and more myths debunked
Curious about why using spreadsheets or business analytics tools for identity intelligence purposes is not going to cut it, why identity intelligence and governance are also relevant for companies not operating in a highly regulated sector, or why identity intelligence shouldn’t be a sole IT concern?