What Can Identity Teams Take From Data Management? Start With an Identity Data Catalog

This past week, Gartner Research published a new report, “4 Steps to Improve IAM Capabilities Using Data Management Top Practices” (written by Nathan Harris and Ehtisham Zaidi) with recommendations for identity teams on how to improve IAM program maturity by leveraging data management capabilities and practices. This happens to be an area of (rabid) interest for us here at Radiant Logic because we have been working with identity data for over 20 years, and we see a lot of similarities between identity data management and what we lovingly call our “parallel universe”—the master data management market.

So, let’s take a closer look—we’ll start with their overall assessment and go from there:

“Organizations that adopt leading data management practices in support of their IAM program will realize 40% improvement in time to value delivery for key IAM program objectives than their peers.”

Wow. That is a pretty incredible statistic, but we know it’s true because we have helped many customers achieve similar results with RadiantOne. Let’s dive into why…

What is IAM Lacking?

IAM is struggling to deliver security and business value today—so what is missing? As Gartner puts it: “Data management challenges—including data availability, data integration difficulties and data quality issues—contribute to limiting/slowing progress toward IAM capability maturity in most organizations.”

The problem is two-fold:

1. Organizations are focused on the key problem they are trying to solve (SSO, PAM, MFA, etc.), and are lacking a cohesive strategy for how to manage and access their underlying identity data; and,
2. Most IAM vendors haven’t baked in the identity data management capabilities that make it possible to operate well within a complex identity infrastructure with multiple, varied data sources (LDAP directories, Active Directories, SQL databases, cloud sources, etc.).

“Most organizations focus on acquisition and implementation of IAM “action” technologies, such as authentication, access management (AM), identity governance and administration (IGA) and privileged access management (PAM) as their primary strategy for achieving desired business outcomes. However, the data management capabilities for IAM product vendors are … not strong… the strategy of relying primarily on IAM vendors for IAM data management often leaves client organizations with substantial gaps and slow overall value delivery.” 

Insufficient identity data management capabilities result in: 

• Ineffectiveness of IAM overall, and IGA in particular
• Additional costs for implementation and integration
• Slowed time-to-value for IAM projects
• Inability to implement Zero Trust Architecture
• Increased security risk
• Stalled and costly implementation of IGA tools

This frustrating outcome can be seen across a number of projects, but particularly for IGA, where Gartner has said that 50% of deployments are “in distress.” The report notes that ready access to high-quality identity data is especially crucial for IGA success and time-to-value, as organizations endeavor to extend access control across complex infrastructures.

This finding ties in with another recent Gartner report (“Market Guide for Identity Governance and Administration”) that highlights the importance of a data integration and analytics layer to enable IGA and other IAM capabilities. That report found that IGA analytics could reduce access administration and governance costs by 50%, by improving human decision-making and reducing manual tasks. Analytics are key for removing the “drag” on project value stemming from unavailability of data, poor-quality data, and difficulty getting to the insights that really matter.

Let me give an example. Some of the impactful use cases for IGA analytics are:

• Detecting orphan accounts
• Assigning understandable risk scores
• Identifying over-permissioned access
• Finding Segregation of Duties violations
• Modeling roles that conform to least-privilege
• And providing recommendations for access rights assignments

These analytics-powered capabilities supercharge the effectiveness of an IGA deployment, and they rely on access to all of an IAM system’s (integrated) data. When all of that data is compiled in a single, vendor-agnostic repository, it can then be used by every tool within your IAM infrastructure as a single source of truth. But more about that in a minute…

This is why Radiant Logic has focused on “the data layer” as the right place for adding value in the IAM market—the consuming layer (AM, IGA, PAM, applications, etc.) is necessary, but the identity data driving decisions made by those systems must be instantly available and high-quality for those solutions to be effective. To get more value from these downstream solutions, organizations need tools for managing identity data across distributed systems.

So, how can organizations leverage data management capabilities to improve the IAM system?

An IAM Data Catalog is the Starting Point for IAM Effectiveness

Gartner strongly recommends beginning with an IAM data catalog, calling it “the most important first step” for addressing the data availability and quality issues that limit IAM effectiveness.

“IAM data availability and quality issues significantly limit IAM capability effectiveness in many organizations… documenting an IAM data catalog (what data you need, what data you have, where it’s coming from, where it’s going to) is the most important first step in identifying and addressing these issues.”

An IAM data catalog (or IAM data dictionary, which can grow up one day to be an identity warehouse, identity data hub, etc.) is an accounting of “what data you need, what data you have, where it’s coming from, where it’s going to.” And, with Radiant Logic’s point-and-click tools for connecting data across systems into a central abstraction layer, this process is made much easier.

The best practice Gartner recommends is to complete a data catalog across all of an organization’s IAM infrastructure, versus for individual IAM solutions. We think this holistic approach is the right one, as it positions the organization to continue to benefit from the IAM data catalog with every subsequent project (which will all benefit from an understanding of what data is where, as well as streamlined access to that data).

What Capabilities Will Make the Biggest Impact for IAM?

To realize value from IAM investments in the face of complex systems, data management capabilities are key. “Most IAM technologies assume that data is pulled from a limited number of authoritative sources, and have limited abilities for complex data consolidation and data enrichment requirements.” …Radiant Logic is not in this camp. We live for complex identity data consolidation and data enrichment.

Radiant Logic’s platform helps identity teams to build the IAM data catalog and leverage data management capabilities for IAM with tools that:

• Map and translate data, handle multiple protocols to present a central identity data pipeline to multiple IAM systems
• Discover and model relationships across sources
• Add relevant descriptions to entitlement data, such as data owners, user-friendly risk scores, etc.
• Perform correlation automatically, build complete profiles containing all attributes for users with multiple accounts
• Support flexible schemas so that consuming systems can access the data in the format they require, even when data is stored in a different schema in the underlying source
• Extend the system with more attributes, without making changes to existing sources or creating more silos
• Deliver visibility (a “critical enabler of all other IAM action controls” per Gartner) into user information down to the permission level, for human and machine identities
• Leverage analytics to empower identity teams and businesspeople to assess and mitigate risk efficiently, via impactful insights and user-friendly interfaces and processes

We offer the identity data and analytics layer that bridges the divide between the data you have, and the actions you need to take. Our agnostic approach lets you work with the identity sources and tools you have today, or will have in the future, to implement IAM initiatives faster. With increased visibility and analytics-driven intelligence, the RadiantOne platform helps organizations improve outcomes across the IAM stack.

Gartner’s Recommendations for Improving IAM Program Maturity

For organizations looking to optimize IAM systems and improve time-to-value, Gartner recommends:

• Prioritizing visibility/observability to get high-quality, actionable data
• Starting with an IAM data catalog (aka IAM data dictionary)
• Including data management capabilities and practices as requirements in the IAM solution set
• Working with data and analytics to identify further opportunities for improvement

IAM maturity is the means to the end of reducing risk while improving operational efficiency—and you can speed that evolution by adopting data management capabilities as a foundational tenet of your IAM strategy. Radiant Logic has been helping organizations accelerate time-to-value for IAM projects for over 20 years—book a demo to see our identity data management and analytics platform in action.