How To Pitch Identity Governance And Admin Technology To Your CFO

Identity governance – what exactly is it? Just how important is it? And, perhaps most importantly, how can you convince your company to splash the cash on it? Here’s what the specialist had to say:

Alex Ayers, consulting director at SAP GRC and IT security company Turnkey Consulting

“Identity governance and administration (IGA) is the management of user information across the systems that users access to perform their business functions. Historically, organisations have managed users and access on an application-by-application basis; IGA consolidates this and supports the application of policy-based rules for the provisioning and ongoing management of user access.

“IGA saves costs through automation and strengthens access controls. Reporting and recertification is supported by information from all key systems. Job-based provisioning simplifies access requests, and approvals and policies such as segregation of duties (SoD) and delegation of authority (DoA) can be centrally defined and monitored. IGA can therefore significantly reduce the costs and improve the accuracy of operating controls for access management. Improved speed of control operation also has operational benefits, with users becoming productive more quickly.”

Paul Briault, senior director, solution sales at CA Technologies UK

“Users with excessive access privileges or entitlements can wreak havoc on a business from a security, compliance, and liability standpoint. Identity management and governance solutions provide the ability to manage user identities and govern the appropriate information users can access based on their role and how they use the data. Those solutions place a special importance on managing administrator accounts, as those employees have access to the most sensitive data and pose the biggest risks.

“Identity management solutions can streamline user activity and compliance reporting for privileged and non-privileged users. This enables businesses to improve efficiency, security and compliance by automating identity-related controls across physical, virtual, and cloud environments. It also helps make IT more flexible and the entire business more agile, which is necessary as companies try to gain competitive advantage in the application economy. By managing identities and their appropriate access rights correctly, organisations are less likely to fall victim to hacking or face the financial implications of a potential data breach.”

Kevin Cunningham, SailPoint president and founder

“IGA solutions enable IT to manage and control user access across the entire organiaation, regardless of where and from what device. This visibility into “who has access to what” is more critical than ever as organisations across every industry are facing an onslaught of security breaches and numerous industry regulations they have to meet.

“For mission-critical applications, such as finance, HR, or applications with confidential data, a high degree of control and governance is required. Adding to the challenge, use of cloud applications and bring your own device (BYOD) are increasing the demand for access to enterprise applications and data beyond basic devices potentially exposing costly consequences such as fraud, misuse of data, privacy breaches, and negative audit findings. By leveraging IGA, IT has the right preventive and detective controls to ensure that compliance and security guidelines are being followed.”

Matt White, senior manager in KPMG’s cyber security team

“There is no silver bullet for how to pitch Identity Governance and Admin to your CFO. As with most IT security ‘sales’, it boils down to making the issue resonate with the individual. Stereotypically, IT is not exactly a ‘sexy’ subject, so you need something better than a ‘sex sells’ approach. The quickest way to do this is to find the answer to the ‘so what’ question and deliver it before it’s even asked.

“Fundamentally, based on my experience, this boils down to only one question and three potential answers:

“What is the driver for the pitch? Regulatory? Efficiency gain? Operational risk reduction?

“When you can define the driver (or combination) you can not only make the target understand the reasons for the project but, if done successfully, you’ll also have made a senior level ‘Champion’ to support your ‘sales’ to the rest of the firm.”

Chris Sullivan, general manager intelligence and analytics, Courion

“If an IT professional is looking to sell IGA to a CFO, essentially he or she is selling an investment in good security housekeeping rather than flashy high tech security methods. Locking down access is the most cost effective way to prevent data breaches and avoid damaging fines from regulatory authorities, who are becoming ever more punitive about slack data protection and security.

“Poorly managed access is the root cause of many of the most serious data breaches and independent analysis reveals that even well run organisations can be sitting on serious vulnerabilities, in the form of access accounts that haven’t been deactivated. By ensuring IGA is a routine process and using tools that tackle where the greatest risks are, you can avoid the risks of regulatory fines or worse the loss of sensitive data that damages your business and brand!”

How much do you know about biometric technology? Try our quiz!