Comparing Identity + Access Management (IAM) and Identity Governance + Administration (IGA)
Both identity and access management (IAM) and identity governance and administration (IGA) have a clear emphasis on identity. However, there are a few subtle differences – and these differences help to explain why Clear Skye focuses on IGA.
Defining IAM and IGA
Identity and access management combines business processes, policies, and technology solutions, allowing an enterprise to manage roles and privileges for personal users and devices in order to access the right business systems at the right times for the right reasons. IAM solutions focus primarily on role-based user access and privileged account management, with core features such as single sign-on, authentication, authorization, segregation of duties, and session management.
Identity governance and administration takes IAM a step further in three key ways:
• Enable the review and audit of user and system access to meet compliance reporting requirements.
• Automate core business workflows for tasks such as access requests and provision / deprovisioning.
• Manage the many facets of employee, customer, or contractor lifecycles, from onboarding to promotion to termination.
How IAM Can Be Limited
Many IAM solutions are restricted to a single enterprise system or business line – managing access only for Human Resources assets, for example, or only for the customer relationship management system.
This presents a clear limitation. IAM may exist in a silo, but knowledge workers do not. In any given day, they may need to interact with a dozen business systems – not just HR and CRM but also email, finance, supply chain management, Help Desk, and so on.
An individual user’s “identity” is connected to all these systems. When IAM solutions are restricted to a single system, enterprises are forced to manually manage, audit, and update user identity and access. This creates an inefficient and error-prone process that could lead to security vulnerabilities or failed compliance audits.
How IGA Supports IAM
Writing in Computer Weekly, Kuppinger Cole’s Warwick Ashford notes that IGA is at the heart of an enterprise IAM strategy.
IGA is essentially the ability to reduce the risk that comes with excessive or unnecessary user access to applications, systems and data. This is achieved by enabling policy-based centralized orchestration of user identity management and access control, and by working with other IAM processes to automate workflows and meet compliance requirements.
Ashford recommends that enterprises consider the following when evaluating IGA solutions:
• Support for a broad range of IT infrastructure and business applications.
• Management of non-human entities, including robotic processes.
• Alignment with applicable regulatory requirements for consent management, access request, access review, and segregation of duties.
• Management of access rights and governance for privileged accounts.
• Hosting in the cloud to enable shorter deployment, faster upgrade, and lower cost of ownership.
These recommendations mirror Clear Skye’s approach to IGA. We’ve chosen to build Clear Skye IGA native to the ServiceNow Now Platform. This enables us to leverage the cloud that enterprises around the world trust for IT Service Management. Access to the ServiceNow data plane also allows us to manage identity and access and automate workflows across the enterprise – not in individual silos. This helps enterprises avoid the traditional limitations of IAM and reap the benefits of a modern approach to IGA.