March 05, 2022 | Author: Ravi Neriyanuri
In today’s digital world, organizations need to modernize their identity governance and administration (IGA) program to deal with increased security risk exposure as infrastructure and applications move into the cloud. In addition, remote working and remote access to the environment have increased that exposure further.
To minimize the risk, cybersecurity is shifting its focus beyond protecting the network, applications, and data to managing and monitoring the internal and external identities that have access to the environment, securing and mapping those identities to protect the assets. Thus, IGA is becoming a fundamental and critical capability of any cybersecurity program.
In addition, the increasingly adopted Zero Trust principles (never trust, always verify) and passwordless authentication are not effective unless the organization has a robust IGA program in place.
However, before reimagining the IGA program, the organizations, at the minimum, need to try to find answers to the following –
Role of Technology:
Technology plays a critical role in building, sustaining, and determining the success of the IGA program. The key to unlocking the benefits lies in selecting and implementing an IAM platform that meets the business requirements, is technically viable, and is within budget. It should also support the various systems and technologies both on-premises and in the cloud.
Before selecting and implementing a platform to secure the identities and maintain governance, the organization must evaluate and choose a solution with built-in workflows for smoother approval, improving efficiency, and approving access reviews to protect all human and machine identities. Further, the chosen platform/technology should provide required access through an additional factor of authentication based on context, zero trust for all users, and management of access to assets in either an on-premises or a cloud environment. In a nutshell, an IGA tool should provide the following capabilities:
Recommended Approach to modernize your IGA program –
For a successful IGA implementation, it is essential to look at how the current IGA program requirements are managed and follow the below-recommended approach to reimagine your IGA program.
Step 1 – Understanding the maturity of the current IGA program helps the organization define its IGA strategy and roadmap, phase the entire program and, more importantly, select the right IGA product.
Step 2 – Jumpstart your IGA program with a pilot to understand and evolve the data model in the current environment to get a clear understanding of the IGA requirements.
Step 3 – After setting up the product, perform birthright access provision and build the necessary integrations.
Step 4 – Perform request approvals and workflows for maximum end-user adoption.
Step 5 – Perform the application onboarding process.
A successful IGA solution or program leads to benefits like reduced operational costs, improved compliance, better audit performance, automated and efficient user access to assets, a scalable process, and reduced risks. Implementing IGA requires an efficient, incremental, and iterative approach, with collaboration between the various stakeholders and consideration of IGA maturity, people, process, and technology.
The Templar Shield Advantage
Templar Shield, Inc. is a premier cybersecurity, privacy, risk, and compliance technology professional services and value-added reseller firm. We provide various service options to meet our client’s specific needs, including advisory, integrated risk transformation, consulting, operations, and technical solutions. As part of the Identity and Access Management Service Offering, Templar Shield provides Advisory, Implementation, Integration, and Managed Services to meet our client’s short-term and long-term program management needs.
With a global delivery model and strategic partnerships with industry-leading IAM product vendors, Templar Shield helps organizations reimagine their identity governance and administration programs to strengthen security initiatives.
About the Author:
Ravi Neriyanuri is a Managing Director and heads the IAM practice at Templar Shield. He has 26+ years of progressive experience advising global majors/Fortune 500 companies on IAM strategy, program development, and technology implementation. Ravi has led product development in the Enterprise Security and Information Risk Management areas, is an advisor and thought leader, and has decades of experience in Delivery Management, Presales, Enterprise Architecture, Product Management, Risk Management, Competency Building, Practice Building, and Incubation.
For more details, please reach out to:
Frank Wray – Director, IAM Practice
Email: frank.wray@templarshield.com
Introduction
January 17, 2022 | Author: Jasen Dill
On March 11, 2020, the World Health Organization declared the novel Coronavirus (COVID-19) a Global Pandemic, forcing business enterprises to change their business operating model to overcome the hurdles and minimize the impact on their organization. One of the many hurdles that required the business’s attention and action was ensuring the viability of their Third-Party/Vendor ecosystem.
During these challenging times, it was not only organizations with a less-than-mature Third-Party Risk Management (TPRM) program that struggled to respond to the pandemic. Even organizations with more robust TPRM processes had to scramble as the situation demanded them to expand, enhance, modify, and improve their existing TPRM program.
Key Challenges
As the pandemic raged on, organizations successfully worked out reduced Service Levels and invoice processing requirements with their vendors as good-faith agreements between strategic partners. However, they faced the challenge of meeting their compliance obligations and the need to protect and safeguard sensitive information from increasing cyber-attacks/data breaches.
Key Lessons Learned
As we leap into 2021 and the pandemic continues to challenge all of us on multiple levels, there are opportunities for business enterprises to use “2020-hindsight” to review the changes made, evaluate those changes, and incorporate them into the new standard processes.
At Templar Shield, we have been supporting our clients on their third-party risk management program journey. Our unique TPRM managed services model provided us an opportunity to work closely with our clients, helping them overcome the challenges posed by the COVID pandemic. We observed that the companies that were able to pivot quickly benefitted. Here are some of the key lessons learned.
Changed Third-Party Risk Landscape:
Program Maturity is the Key:
Extended Program Coverage:
Third-Party Risk Management teams saw an increase in day-to-day responsibilities –
Revised Assessment Methodology/Approach:
Continuous Monitoring:
Extended Support/Co-Services Model:
This additional workload strained even the most seasoned organizations as companies scrambled for ways to pivot themselves to the “new norm.”
Conclusion
As we continue to maneuver through life, during a pandemic or not, managing vendors will never become any less important.
What the pandemic has allowed us to do is apply the lessons we learned to mature third-party risk management programs and give our strategic partners the much-needed assistance to manage their third parties, keep data secure, and maintain regulatory compliance.
About Templar Shield
Templar Shield is a premier information security, risk, and compliance technology professional services firm. We provide various service options to meet our client’s specific needs, including advisory, integrated risk transformation consulting, operations, and technical solutions. We have partnered with over 100 Fortune 1000 companies and government entities to implement innovative integrated risk and compliance solutions across organizations.
Our Third-Party Risk Management Services & Solutions
At Templar Shield, we provide end-to-end services and solutions to meet your unique third-party risk management requirements. Our seasoned TPRM domain specialists and technology consultants can help you with –
We leveraged years of rich experience gained from helping organizations build their TPRM programs and developed a unique TPRM managed services model allowing clients to choose from a selection of “a la carte services” to meet their program management requirements.
The TPRM managed services model allows you to spread the workload and segregate at any process step. This, in turn, allows you to focus on addressing bigger core issues and maturing the TPRM program.
About the Author
Jasen is a seasoned GRC Consultant with cross-sector/industry and multi-domain expertise in providing consulting and advisory services. Jasen’s experience includes a diverse portfolio of innovative technology implementations and program transformations to support his clients’ strategic priorities. In this capacity, Jasen leads TPRM Program Managed Services and helps clients design, architect, and implement solutions to automate their TPRM programs, especially on tools such as RSA Archer, ServiceNow, Lockpath, IBM OpenPages, BlackKite, Rapid Rating, RiskRecon, and the like.
He can be reached at jasen.dill@templarshield.com.