Friday, 23 October 2020

Getting the Most out of Compliance From Cloud Platforms

In my last post, I talked about a number of the challenges that organizations face as they attempt to improve their IAM, IGA, and GRC strategies. All too often, organizations find that one challenge leads to another, and governance becomes a frustrating chore instead of a strategic imperative or differentiator. 

A lot of this frustration stems from a lack of visibility into business processes. Over time, organizations have implemented a wide range of enterprise systems to meet ever-changing business needs, with little thought about how those apps can – and should – work together. In the interest of convenience and efficiency, IT teams focus on using one-off integrations and workarounds. The need to accommodate remote workers, and external access points with varying degrees of security, has only compounded the problem.

While this is emblematic of larger system management issues, it also has clear implications for governance and compliance efforts. It’s nearly impossible to see at a glance who has access to what, whether those privileges should be revoked, and the extent to which access poses risks both to individual users and to the organization as a whole. Compliance becomes a reactive process of incident response, not a proactive process of strategy development.

Remembering my past life, architecting and deploying solutions based upon Waveset Lighthouse and later Sun Identity Manager, an often stumbled-upon requirement was to integrate with IT service management (ITSM) systems such as BMC Remedy and the like, to capture, send, and react upon service tickets. It was an integration that always proved challenging in both technical and process-oriented ways, often because the view of processes was layered with obscurity.

Recently, though, the emergence of cloud-based platforms for ITSM, configuration management, and operations management has opened the door to improved business process visibility. Combine this with business process automation – also a standard offering for these platforms – and the ease of integrating technically through REST-based APIs, and suddenly it’s possible to take a more holistic approach to governance and compliance.

Here are a few key benefits to bringing compliance and governance on top of a cloud-based ITSM platform.

Seamless application integration. Information is most valuable to enterprise stakeholders when it’s able to flow across applications and roles. This is especially true when platforms are able to integrate legacy ERP or RCM systems in addition to native apps. Business leaders benefit from a single version of the truth that enables data-driven decision-making. Compliance leaders will spend less time gathering data to prepare audits or run incident reports, saving time and reducing complexity.  

Scalability and consistency. Cloud platforms aren’t tied to local, on-premises resources and can be scaled across multiple networks. This allows organizations to overcome one of the biggest obstacles to better GRC: siloed governance solutions for single sites, or even single servers or applications. Adding a single governance solution across all applications hosted on the same platform creates a consistent experience for end users and can provide the cornerstone for a single governance strategy that applies to HR, finance, operations, security, and service management business lines.

Automation. Built-in notifications, workflows, and approvals bring clear efficiency benefits to the ITSM process. Automation helps compliance efforts as well. Setting clear and repeatable workflows for tasks such as onboarding, deprovisioning, and password management – whether it’s for all employees or on a role-based basis – ensures that these processes meet an organization’s governance and compliance needs every time. Automated incident response also helps organizations stay a step ahead of common threats and enables security teams to devote their valuable time to assessing higher-level risks.

Adaptability. Cloud-based platforms make it easy to plug in those new applications that meet specific business needs. Instead of writing custom integrations, developers can drag and drop the functionality they want. In a traditional environment, this would be a governance nightmare, much like the early days of BYOD and shadow IT. But when IGA and GRC solutions are native to the ITSM platform, the processes in place for current systems will apply to the new applications, allowing an organization’s governance strategy to evolve as new apps come online.

Efficiency and productivity. In traditional environments, GRC is often linked to reduced efficiency, whether it’s auditors poring over spreadsheets of redundant data or end users waiting for a response to a service request. When GRC and ITSM are closely linked, governance can happen behind the scenes, both through process automation and the deployment of repeatable rules and policies. This ensures that governance is far less likely to interfere with day-to-day activities across the organization.

The elevation of governance. For many enterprises, compliance is a core discipline on the same level as security, ERP, HR, finance, operations, and so on. On the other hand, governance is often a subset of another discipline such as compliance or security, making it even harder for governance initiatives to receive the attention they deserve. When governance is native to ITSM, and governance strategy is broadly applied across the enterprise, then the importance of governance as a discipline is magnified to end users and executive leaders alike.

Not every organization is ready for IGA or GRC on a cloud-based platform. Moving traditional and legacy ways of working to the cloud can be disruptive, especially for organizations that can’t afford downtime or that have higher IT, security, or safety priorities in the wake of various COVID-19 challenges. In these cases, more traditional governance solutions will have to do - and there is an abundance of these types of solutions.

For those who have already made an investment in a more modern ITSM solution, though, it only makes sense to get as much value from the platform as possible. Embedding governance into ITSM provides an opportunity to gain visibility into governance challenges, automate key governance processes, and demonstrate to the entire enterprise that governance is a high priority.

In my third post in this series, I’ll dive into more details about how to make the marriage between IGA and ITSM a happy and healthy one.

