In Gartner’s recent report, 50% of Identity Governance & Administration (IGA) products are in distress*. Solutions are hard to install, too complicated, taking years and costing millions. How do you ensure a successful Identity project for your risk management strategy? On Tuesday, September 17, Delinea experts Frank Vukovits and Darren Mawhinney discussed why IGA projects are in distress and using real examples to illustrate what clients can do ensure a successful identity project. In this blog we look at key points from the webinar, introducing the steps to make Identity Lifecycle Management work.

Why does Gartner say that 50% of identity projects are in distress?

“It’s not surprising” Darren says, “and it is a concerning figure”. Our experience aligns with Gartner’s findings. Identity Lifecycle Management has traditionally been a solution for large enterprises, characterised by extensive teams, substantial budgets and vendors offering highly complex solutions. Over time, these initiatives evolve into prolonged projects, spanning years, often with unattainable goals. The primary challenge we observe is the perception that implementing identity solutions is overly complicated, prohibitively expensive and excessively time-consuming.

Darren also identifies three additional key factors contributing to the failure of identity projects. For more detailed insights, download the webinar: Making Identity Work: Ensure a Successful Identity Project for Risk Management.

What’s the specific relationship between IGA and Governance Risk and Compliance (GRC)

While neither IGA nor GRC are new concepts, companies are only recently beginning to understand the synergy between Identity and GRC. Companies lose a worrying 5% of their annual revenue to fraud each year according to the Association of Certified Fraud Examiners in Occupational Fraud 2024: A Report to the Nations. More alarming is that Verizon (2024 Data Breach Investigations Report | Verizon) report that, on average, companies lose $5.87 million due to a single non-compliance event. With 94% of all breaches being identity related (Identity Security: A Work in Progress | IDSA Alliance), the integration of Identity and GRC is crucial. Implementing an IGA system correctly and in a timely manner is essential – if you can control identities’ access you can mitigate the risk of fraud.

What can customers do to help make IGA projects work?

Frank states ‘identity shouldn’t be that hard’, yet the landscape is littered with failed and failing projects. So, what can customers do to help make these projects work?

• Keep it simple: Understand what the technology can and cannot do and focus on key success factors.
• Clear project phasing: Darren advises taking a phased approach with regular milestones. Start small, linking key applications first, and then expand.
• Celebrate milestones: Visibly celebrate successes to showcase the implementation’s progress to your team and stakeholders.
• Minimum viable product: Simplify installation and operation by focusing on essential features first. Darren suggests a laser-focused approach, implementing what is necessary rather than what is nice. Using out-of-the-box, customizable workflows and configuration options can keep the project simple and effective.

For more tips and tricks, download the webinar to see how we have helped customers succeed in their identity implementation projects.

Identity and GRC is by nature, complex, so how can we simplify?

Digital enterprises require access to applications, systems and data, each point of access posing a potential risk. With more systems and best-of-breed applications being added, Darren suggests that identity projects can quickly become overly complex. He advocates a ‘mid-market’ approach, providing functionality such as Role Based Access Control (RBAC) and Policy Based Access Control (PBAC) functionality that is missing in the ‘IGA lite’ products.

The Delinea ‘mid-market’ IGA tool has been specifically designed to be robust enough to ensure security and compliance without introducing the unnecessary complexity and customisation of Enterprise IGA. This complexity and over specification are the key attributes that make many IGA projects unaffordable and undeliverable.

When designing our IGA projects, we always focus on what our clients need the tool to accomplish and the key use cases. Based on our experience, the core use cases for our clients include:

• Automating the Join, move, and leave process
• Self-service access requests
• Improving efficiencies with workflows and out-of-the-box templates
• Automation of access certification for compliance

By adopting this approach, we ensure that the project remains as simple as possible, quick to deploy, easy to use, customizable, and delivers rapid time to value. These core values underpin our Identity solution, enabling our customers to celebrate success quickly and realize value.

In the webinar, Darren further examines how to simplify the complex process and scale the project as your needs grow.

Conclusion

The identity market has been plagued by overambition and underachievement, with many projects failing, millions lost to complex installations, and valuable resources being consumed. However, IGA is not just for large enterprises. Even companies with 500 employees can find provisioning and deprovisioning challenging and time-consuming. Therefore, it’s crucial to have a solution that is cost-effective, quick to implement, customizable, and easy to use.

The key to a successful project lies in simplicity and scalability. Starting with essential needs and using a milestone approach to increase functionality will help you achieve faster value from your implementation, while keeping you secure and compliant.

For more information on making identity work, download the full webinar recording. Alternatively, reach out to one of our experts, below.

Alternatively, if you want to learn more about Fastpath’s automated access certifications module, speak to one of our experts.

*’Avoid These Top 5 Mistakes When Deploying IGA’ Brian Guthrie, Gartner