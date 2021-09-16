The quick shift to remote work because of the pandemic sped up the transition to more employees working remotely. Analysts at Gartner discovered in mid-2020 that 82% of business leaders intended to let employees work remotely at least part of the time, even once COVID-19 restrictions eased. What we're now seeing is a shift towards a hybrid approach. This change affects many areas of business, including increasing the need for robust control of identity-related risk. Legacy identity governance and administration (IGA) solutions are struggling to keep up with this new hybrid environment, and the need for modernizing IGA architecture is clear.

The Ultimate Attack Surface: Identity

As people and connected devices have moved farther from the office, identity has become the new perimeter. Of course, this concept did not arise due to the pandemic's increase in remote working. Still, it has increased urgency with the large, sudden switch from people working within enterprise networks that are closely monitored and secured to largely unmonitored and often insecure Wi-Fi home networks.

Attack vectors have changed due to this shift of employees logging on from outside the reach of perimeter-based security solutions and increased uptake of cloud-based applications and services. This larger attack surface can leave organizations vulnerable. This change also impacts temporary, third-party and vendor identities. Identity is the new control plane and central to the implementation of a zero trust strategy.

Modernization and Integration

The above changes have emphasized the need for a more holistic, identity-centric, modern approach to security. Modernizing your IGA architecture and integration with complimentary identity technologies is key to enabling this.

Gartner estimates that within the next two to three years, 63% of organizations will move or have already moved their IGA architecture into the cloud — as either a cloud-hosted or cloud-architected solution. Modern IGA solutions will also allow for flexible integration with standard connectivity frameworks, such as SCIM 2.0, OAUTH, SOAP and REST, and make use of identity analytics and integrations to improve end-user experience, operational efficiency and risk management.

Integration with complementary technologies such as privileged access management (PAM), data access governance (DAG) and cloud infrastructure and entitlement management (CIEM) is important. However, what's also important is how these integrations fit your business requirements.

Keys to Effective Identity Management

A best-practices approach to creating an identity management strategy involves three basic elements, the first of which is strong identity lifecycle management. Having strong identity lifecycle management processes, including third parties and vendors, is critical for managing identity-related risk.