Part two: The solution

In part one of this mini-series, SailPoint explored the severe outcomes of having poorly implemented identity security. One of the worrying results of this exploration was the cost of getting employee identity wrong. SailPoint calculated that the potential for real-time cashable productivity loss across the civil service per year is around £72 million. Cost savings from correctly governing identity management are just one reason to make identity protection the security perimeter.
In this second part of the series, we look at how to quash this figure, secure access to sensitive data, and solve for complex identity security environments.
The network perimeter is dead; long live workforce identity
Legacy approaches to managing government employee identities pose challenges due to the fluidity of employee circumstances and the potential for errors and abuse.
Three areas that have made digital transformation challenging are:
Cloud computing: The job of IT and support has been made infinitely more complex with the advent of cloud computing and remote working. Moving applications to the cloud without an underlying identity security layer slows migration and complicates establishing the correct authorisation and access rights. It is essential to recognise that a cloud service provider does not offer this level of granular protection. Identity Governance and Administration (IGA) requires a dedicated and specialist solution that must be part of your strategic design when transitioning to the cloud.
Change and merge: Any internal change adds another dimension of complexity to effectively handling access rights. Changing organisational structures and functions, moving to different departments, and merging departments are complicated and can take months. Without a robust identity plan that can handle change, these changes can cause significant disruption and loss of productivity. A comprehensive and automated “mover” process must be used to significantly reduce risk. Movers, leavers, and joiners must be thought of as a natural lifecycle of identity management. A whole-life approach to IGA and identity management captures these distinct changes across that lifecycle. But to be effective in managing these lifecycle additions and changes, across complex hybrid working environments and cloud computing, the underlying access governance must be automated and intelligent.
Out-of-control access governance: NIST defines least privilege as “The principle that a security architecture is designed so that each entity is granted the minimum system resources and authorisations that the entity needs to perform its function.” Without robust access rights governance and control, risk increases, and least privilege and the goal of the new security perimeter cannot be achieved.
A shift in perspective can deliver transformation for good, improve security, and decrease risk. This new perspective is called next-gen identity.
What is next-gen identity?
The way that people access and interact with devices and data has changed almost beyond recognition in the last ten years. However, the controls used for these interactions must catch up to this curve. The answer is next-generation (next-gen) identity. Next-gen identity has evolved to handle the complex, highly regulated world of workforce access to data, applications, and other network assets. The core design goals of next-gen identity are speed, adaptability, and security. Next-gen identity solutions must be able to adjust and modify behaviour as conditions change. Employees enter the workforce and leave it; they move between departments. This adaptability of people needs to be reflected in the adaptability of a next-gen identity solution. Achieving this in a software solution requires versatility in the form of AI.
Next-gen identity leverages AI to support the following capabilities:
A risk-based and event-based governance model: an AI-driven governance model reduces the need for constant large-scale certifications. Instead, automation of the process means that re-certifications become a standard part of business process, reducing overhead and removing human error.
Identify identity outliers: identity outliers and separation of duty conflicts can cause non-compliance and data leaks. For example, an Accounts Payable clerk could also act as an Accounts Receivable clerk, creating a conflict of interest.
Activity insights: AI provides access recommendations using LLM-generated entitlement descriptions.
Application onboarding: controlled and fast onboarding of applications.
Comprehensive reporting: generation of comprehensive reporting that helps with insights and regulatory compliance.
Automated role discovery: large workforces can cause discovery issues for identity. AI helps automate role discovery and provides suggestions and insights into access rights.
Learn more about SailPoint and next-gen identity.
How next-gen identity makes a difference
The proof is in the pudding when it comes to next-gen identity. The following real-world anonymised case studies demonstrate the success of next-gen identity:
A UK University: onboarding a new employee or student took two weeks. This ate into staff time and student learning. Using SailPoint’s next-gen identity reduced the time to onboard to less than one hour.
UK police force: all UK police forces typically take seven to eight weeks to onboard new officers. The process relies on physically signing approvals and an administrator using a clipboard to identify recruits face-to-face (F2F). Next-gen identity drastically reduces onboard time and ensures this is done securely and reliably.
A central bank: a bank has a highly complex environment and many applications. Next-gen identity consolidated application access control quickly and accurately.
Central government: the onboarding of new employees can take up to 12 weeks because of the complexity of establishing new privileges and permissions for employees and contractors. Next-gen identity brings onboarding time down to under one month.
Next-gen identity success story
“Now, we have a really good handle on our access risk, and we have end-to-end identity lifecycle management really well nailed down.” – cyber security design team lead, Central Bank of major global economy.
Like the government, banking is a highly regulated industry. Like the government, banks have many employees, many applications, and a complex working environment. A European bank with hundreds of critical apps and data sources was challenged to move from legacy identity management to SailPoint’s modern next-gen identity solution to future-proof access control and data security.
The bank began with just 21 apps protected. But the bank had to manage access to vast amounts of data across hundreds of systems. Using SailPoint to automate identity management, the bank was able to enforce end-to-end access control across over 350 applications. The result was compliant processes, reduced risk, and identity management that could handle unstructured data. Access reviews undertaken were previously under 50 percent; this figure increased to over 95 percent with SailPoint’s next-gen solution.
Solving for identity protection with next-gen identity
Working in the government sector can be challenging as it is a complex and constantly evolving environment. Managing identity security in such environments can be especially difficult. Both local and central government departments require advanced and cost-effective identity solutions that are driven by Artificial Intelligence (AI) to cope with the unique nature of their workforce. Next-generation identity solutions that are adaptive and intelligent can help onboard, offboard, and grant permissions to employees efficiently, which is crucial for a productive work environment. By employing AI-driven identity governance, these seemingly insurmountable issues can be addressed with ease, ensuring scalability, adaptability, and appropriate access enforcement. The next-gen identity solutions are designed to tackle the most significant obstacles of identity, authentication, and authorisation, enabling government staff to be productive in an environment that supports them.

Talk to a SailPoint expert about how next-generation identity can boost productivity, engage employees, and save money.








