Identity and access governance

October 2014 Access Control & Identity Management

When people think about securing their network, the term identity and access governance (IAG) might not come to mind. Most likely this is because they do not truly know what IAG is or how IAG solutions can be used. They might also believe that IAG is a high-tech, expensive solution that will make them bust their budget and take years to implement. In actuality, there are many different types of solutions that make up IAG. Organisations are able to pick and choose which solutions work best for them, and solve their security issues, as well as many other problems they may be having.

Dean Wiech
Dean Wiech

So what exactly is IAG? Gartner defines IAG as “the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAG addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. Enterprises that develop mature IAG capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.”

So what does this all mean for an organisation? Identity and access governance solutions can help beef up security efforts in many different areas of the organisation. The following is a list of five ways that companies can use IAG solutions to secure their networks.

Simple single sign-on

One of the easiest ways to pump up the security in any organisation is to use a password solution. A recent survey found that a majority of employees from different backgrounds and various industries have upwards of seven sets of credentials that they need to remember. In addition, these passwords need to be changed every month or so and need to meet certain password requirements, such as having a certain number of characters, use of a symbol, etc. Is it any wonder users write down their credentials? Simply put, the typical individual cannot remember that many advanced sets of usernames and passwords.

One of the easiest solutions to this is a single sign-on (SSO) solution. This allows employees to use a single set of credentials to access all of their connected systems and applications. Almost everyone has heard of SSO, but some organisations are hesitant to implement the solutions or believe they won’t be useful. They feel that giving their employees a single password may increase security issues.

In actuality, having one single set of credentials that a user does not need to write down to remember is a lot easier and safer than not. Doing so means employees are far less likely to write down credentials, and they will likely be thankful in the long run for all the headaches and time you saved them.

Advanced password security

While SSO adds a layer of security, there is an additional step that can be taken to further increase password security. Two-factor authentication can take single sign-on and add an additional layer to it.

What is two-factor authentication?

For organisations that are dealing with highly secure data, instead of requiring end users to enter just a username and password, they are required to log in by presenting a smartcard to a reader and entering a PIN code. Combining a smartcard and a PIN code ensures strong authentication because it is based on something users have (the smartcard) and something they know (the PIN code). This is extremely useful for settings such as hospitals where users need to quickly log in and would benefit from SSO, but still need to ensure that there is a strong security.

Ensuring roles are correct

What about ensuring access rights are correct? Organisations need to make sure that only the appropriate people have access to secure data. This can be a daunting task especially for companies with a larger number of employees. Manually checking each employee’s rights is virtually impossible.

Through the day-to-day activity of employees joining or leaving the organisation, it is easy to lose track of who has access to what. Accounts are provisioned, credentials are shared, employees are given special access for a project but access is never revoked. It is exceedingly easy to lose track of who has access to what systems and applications.

Organisations need to be able to ensure that each employee has the correct access in a quick and convenient way. One way this can be achieved is through role-based access control (RBAC). RBAC is a technique for implementing authorisation management across the organisation and involves assigning privileges on the basis of RBAC roles rather than assigning access privileges to individual users. These roles in turn comprise the department, title, location and cost centre associated with an employee, ensuring that every employee has access to systems and data that are consistent and appropriate for their role in the organisation. So, it can easily be set up so that, as an example, employees with managerial titles will receive certain access rights while assistants receive different access rights.

Revoking access

One of the biggest security issues that organisations face is when an employee quits or is terminated, and they are inadvertently left active on the organisation’s network. More times than not, this task is overlooked since someone has to go into each application and manually disable the user, which can be extremely time consuming.

This is a serious security risk since an ex-employees will still have access to the company’s data and network. There have been many cases where disgruntled employees either reap havoc on their ex-employer’s network or steal important customer data. This issue also commonly takes place when an organisation hires either temporary or seasonal employees. With the constant movement of these types of employees it is easy to lose track of whose accounts are active.

With an IAG solution, a link can be made to synchronise the organisation’s source system user accounts with network-based user accounts. In many cases, HR systems or CRM are often used as a source system. This allows the organisation to synchronise and automate its account management between all of its systems and applications.

So, when an employee leaves the organisation a manager simply has to disable the employee in the source system and they are automatically disabled in all the connected systems and applications. Additionally, if a manager needs to access certain files in a home directory or desires emails to be forwarded, this work can also be easily transferred to the manager.


Meeting audit and compliance rules and regulations can be extremely annoying. These rules are in place for a reason; they ensure that certain information and data is kept secure, including customer and company data. That being said, it is still a huge annoyance to meet many of these very detailed regulations. An easy way to handle this is to do continuous reporting so that when it comes to audit time all the work does not have to be completed at once.

Many IAG solutions allow for automatic reporting to be set up according to your specifications. For example, a manager can easily generate a report on who has access to a certain system or who is making changes in an application. A Web portal can allow a manager to start a workflow process to correct any irregularities that are noted. This also helps when it comes to audit time of the year. Instead of spending days gathering the information for an audit, all of this work is already completed.

These are only some of the ways in which an IAG solution can assist with security in an organisation. IAG as a concept has many different solutions that can be beneficial for ensuring that an organisation’s network is secure and meets all compliance requirements. Of course, it helps with many other areas, such as productivity, compliance, budget, etc., making IAG solutions extremely beneficial for growing organisations.

For more information go to

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.