Identity Governance (IG)
Identity governance (IG) is a subcategory of identity and access management (IAM) that emerged from the needs of organizations to comply with new regulatory requirements such as the Sarbanes-Oxley Act (SOX) and the Health Insurance Portability and Accountability Act (HIPAA). IG provides organizations with better visibility to identities and access privileges, and better controls to detect and prevent inappropriate access.
IG solutions are designed to link people, applications, data and devices to allow customers to determine who has access to what, what kind of risk that represents, and take action in situations where policy violations are identified.
Identity governance products are typically deployed “on top” of identity and access management systems to enable organizations to define, enforce, review and audit IAM policies, map IAM functions to compliance requirements and audit user access, to support compliance reporting. Specific identity governance product features including user administration, privileged identity management, identity intelligence, role-based identity administration, and analytics.
SailPoint Identity Governance is a suite of solutions designed to link people, applications, data and devices to allow customers to determine who has access to what, what kind of risk that represents, and take action in situations where policy violations are identified.
Identity Governance solutions are built to help customers comply with regulatory requirements such as HIPPA and SOX, but they are not required to achieve compliance.
Centralized user provisioning is when users are granted and revoked access permissions to different networks, systems, and services from one centralized system. Without centralized provisioning, system administrators need to manually manage accounts for each system or service separately, including setting them up, assigning permissions, revoking permissions and tearing them down.
IG solutions are designed to link people, applications, data, and devices to allow customers to determine who has access to what, and what kind of risk that represents. As such, they are able to produce views and reports that are responsive to many questions that typically come up during an audit process.
The Identity Governance Framework (IGF) was a project run by the Liberty Alliance for standards to help enterprises determine and control how identity information is used, stored, and propagated using protocols such as LDAP, SAML, and WS-Trust and ID-WSF. IGF enables organizations to define policies that regulate and control the exchange of identity information between application systems both internally and with external partners. Policy information produced by IGF is useful for privacy audits that assess the use of identity information in applications and for systems capable of enforcing policy.
Identity governance solutions provide centralized visibility for the current state of user access by aggregating and correlating identity data across all company resources, whether on-premise or in the cloud. Once the data is in one place, it is analyzed to understand the access privileges granted to workers – i.e. who has access to what. With this baseline established, a governance model can be developed to define who should have access to what, define oversight and approval processes, and automatic enforcement of policies during provisioning, access request, and password changes.