5000 Miles From Texas

written by
Paul Walker
Identity Governance
May 22, 2020

Starting a new gig is always challenging, like literally being thrown in the deep end.

Especially when you’re almost 5,000 miles long haul from the beating heart of America and with the recent welcome addition of Mr Sean Koontz what is fast becoming the beating heart of Clear Skye, Texas!  

I remember living in France for over a decade and upon announcing my family name being greeted with smiles, “Walker TEXAS Ranger!” my French friends would announce… I missed out on my chance to move to Austin twice in my life already, I certainly wasn’t going to miss out on the chance to work at Clear Skye with good buddies, old and new shaking up the IGA market with a better way to IGA!

Take a Mac, use Zoom, use Slack… they said…   Well I can report back that after three weeks of losing my windows and getting aggressed by virtual desktops I can, like Mr Whale said in a recent Clear Skye blog post, I TOO can be a digital survivor!  I feel transformed.

Since joining Clear Skye I’ve been taken aback by the pace at which the market is waking up to a new and better way of IGA. The sheer number of customer and partner conversations, it’s almost as if a light bulb, sitting dormant for years, has been switched to the ON position.  Working as we do in information technology, we’re all used to a seemingly ever increasing flowrate of innovation and new concepts to learn. For myself being part of the product management team here at Clear Skye it’s my responsibility to help us deliver innovation that’s useful and relevant for our customers and to ensure our engineering team understands the value of what they are building.   As we grow out the Clear Skye team, talking with engineers coming from a ServiceNow background I find myself going back to basics on what Identity Governance and Administration (IGA) is and what it shouldn’t be; I’ve listed some of these points below, always good to double back and remind ourselves;

• IGA assists organizations on their journey through digital transformation. It should remove friction from user journeys and reduce the risk businesses are exposed to as information is shared by new applications, new business initiatives with many new business partners (and customers) playing an integral role enabling new digital business initiatives.

• IGA shouldn't run slower than the business.  As your business opens up new initiatives you shouldn’t have to delay whilst waiting for security to catch-up.

• IGA shouldn't introduce additional friction by adding extra burden on the end users

• IGA shouldn't introduce additional integration challenges by being yet-another-system to integrate. IGA shouldn't be a silo that is effectively an island on a different platform s that requires expensive and difficult integration with your ITSM, GRC or Security Operations.

IGA is both security and efficiency, how does running workflow and storing your Identity model off your business platform assist with overall security? Or indeed improve the user experience?

• IGA is really just another business function and a set of business processes requiring automation just like any other business process you have.

IGA shouldn't require your organization to retrain and learn yet another portal. Shouldn't require your technical staff to learn and implement yet another security permissions model, shouldn't require additional workflow and integration skills. After a few weeks in my new role, I am reminded that this is the experience most IGA solutions force upon their customers.

If your IGA vendor considers sufficient integration with ServiceNow the ability to create and check the status of ServiceNow Tickets, then you should have a conversation with one of our consulting partners. Whilst ticketing is a useful, and often necessary function to resolve security or access needs it’s really the lowest level of integration.

Meanwhile some IGA vendors recommend you implement a disconnected service portal to their siloed IGA solution inside of ServiceNow, running IGA workflow outside the Now platform, disconnecting the audit trail - this is a fragmented approach and leads to inefficiencies and risk.

Let's take a moment to drill down onto some particular topics, let's take Service Management. Customers adopt ServiceNow for many reasons, to improve the User Experience, to create efficiencies and reduce friction – all delivered securely from the cloud.  When we look at the processes that make up IGA and compare them to a service platform such as the Now platform why would you run IGA from a stand alone platform?

What customers are telling us is the traditional IGA approach of gluing a different IGA request experience by embedding iFrames, or redirecting to an external portal is just confusing.    Customer security analysts and architects should challenge this traditional IGA setup, why is the process fragmented, how about reporting, how about the audit trail, is this all integrated? Why is the workflow running OFF platform?

Listening to the Clear Skye customers who've adopted this new post-modern approach tell us that being on the same platform delivers significant additional value to the business.

Clear Skye IGA is a fully featured IGA solution built on and delivered using the ServiceNow service platform. The application is available on the Now platform app store. Customers can request a trial direct from the ServiceNow store. And start leveraging the components of ServiceNow that they already have. The level of effort getting the application installed and working is very small, within a few hours you can get IGA up and running, ingesting data and providing value through IGA functionality such as Access Reviews and reporting.

Sitting natively on the platform, running IGA workflows  directly on the Now platform removes friction from the traditional way of integrating external IGA to ServiceNow.  IGA is just another business process that requires automation, WHY should you implement IGA workflow differently than all of your other processes? That's a problem.  External IGA is bogus integration and doesn’t deliver what you need.

Being adjacent to ServiceNow apps such as CMDB and SecOps, Clear Skye IGA natively exposes an IGA context to those business processes. For example, giving a richer experience when performing ticket resolution or controlling risk via GRC. It really is a workflow platform.  Other examples include, during access request Clear Skye workflow can easily interrogate, using workflow, security incidents relating to the request beneficiary, or whether or not the requested entitlement is high risk. And importantly none of this workflow has to leave the ServiceNow system. Decisions can be made using accurate up to date information.  GRC and SecOps can see IGA events such as offboarding, onboarding, transfer as well as access request and access review decisions made within the Clear Skye application. Automated GRC indicators can feed this IGA information directly into the risk control structure of GRC.  Indicating whether or not a Risk Control Objective is compliant or not. This delivers significant additional value to our ServiceNow customers.

It's one of our goals here at Clear Skye to not only deliver full-featured post-modern IGA to our customers but also to double down on the Now platform integration use-cases. Net result is our customers have increased security and therefore lower risks but also additional business value through the integration of Identity context platform integration to their existing Now applications. Truly a better way to IGA.

Each day that passes as I’m settling into my new role and I’m learning and listening as much as I thought I would be teaching. So many recent conversations with customers and partners end with, “This is such a good obvious fit, why didn’t anyone think of it before!”  

So, on this Friday as I kick back watching my kids destroy the family trampoline pondering the next innovation from Clear Skye, sipping warm English beer with my very own version of Texas BBQ, I’m content with my choices and even learning to live with my Mac ;-)

share on

Related Posts

Take a Self-Guided Tour

Personalize your own on-demand demo to see how identity security built on ServiceNow works.