What is Identity Governance Fatigue?

The Traditional Identity Journey

Over the past decade, organizations have gone through many different stages of the identity journey. Depending on the size and maturity of your organization, you are probably in one of six identity maturity categories (see diagram below). Your progress through the stages of maturity may be stalled—but not necessarily because of limited resources or for lack of trying. Your lack of progress is likely due to the limitations of your existing identity governance solution. 

What is Identity Governance Blog Image 1.png


Why? These legacy solutions fail to deliver on your identity governance requirements. Large enterprises need a model that provides visibility into who has access into what and why, eliminating manual access requests, approvals and certification rubberstamping. And, the identity model should grow dynamically as your organization changes over time. 

Why Legacy Identity Governance Solutions are Destined to Fail 

Legacy identity governance and administration (IGA) solutions are failing organizations today for several reasons: 

  • Identity silos: Many IGA solutions are only integrated with a few authoritative identity sources, like Microsoft Active Directory, or your company’s HR system, like Workday. The limited integrations result in poor user access visibility and a lack of consistent access visibility across the entire enterprise. As a result, you have many islands of identity sprinkled across your organization.
  • Operational inefficiencies: IGA solutions are meant to automate access requests, approvals and certification reviews. The reality is quite different. Instead, your teams are so overwhelmed with access requests, approvals and certification reviews that they end up manually approving access requests and rubber-stamping certifications. This results in the overprovisioning of user access privileges across your entire enterprise. 
  • No context: While IGA solutions are good at providing visibility into a single authoritative source, they don’t provide visibility and context across multiple authoritative sources. As a result, organizations struggle to determine what users need access to, what access they have, and why that access is needed. Without universal visibility and context across the entire enterprise, your organization is blind to inappropriate user access privileges and potential unauthorized user access. 
  • Static data: IGA solutions provide tools—like role modeling—to help organizations achieve better operational efficiencies and compliance. While role modeling helps to better align users with the right access rights, the organizational role model rapidly becomes stale and outdated. Your organization changes dynamically every hour, every day, every week, and every month. With outdated access rights, privileges, roles and entitlements of an IGA solution, your organization is more open to security risks and potential data breaches.  

These are the reasons why IT and Security teams are experiencing identity governance fatigue. They are exhausted from manually reviewing and approving access requests and rubber-stamping certifications. 

Don’t Run Your Business with a Crystal Ball

Is this how you want to run your business? With a crystal ball that provides predictions based on limited data. Of course not! That is why you implemented an IGA solution. 

What is Identity Governance Blog Image 2.png

Your existing IGA solution has provided you with an initial set of capabilities to manage and control the entire identity lifecycle. From a user’s birthright access to the removal of their access when they leave the organization. The point here is, access requests, access approvals, certifications and role modeling capabilities have gotten you to where you are today. You have made progress in managing and controlling user’s access. That’s the good news. 

The bad news is legacy IGA solutions have created a new set of barriers to your organization’s growth and future success. Existing IGA solutions have stalled your progress because they have not addressed the core problem: “How do I develop a model to solve my access problem?”  Until that question is addressed with a solution that meets today’s challenges and acknowledges the dynamic nature of your organization, you’ll continue to be in a “holding pattern” when it comes to managing and controlling user access across the entire enterprise.  

Grow the Business with AI-Driven Identity Analytics 

How do you evolve past the holding pattern?  The answer is artificial intelligence (AI)-driven identity analytics, which address legacy IGA solution gaps.

Using AI and machine learning techniques to consume and analyze large data volumes, AI-driven identity analytics can detect user access patterns and inappropriate access privileges across the entire enterprise. By automating high-confidence and low-risk user access rights, your security and risk teams will have more time and resources to focus on higher priority tasks and projects. 

In my next blog, I’ll explain how organizations can overcome identity governance fatigue with ForgeRock Autonomous Identity. Be sure to watch the “Identity Redefined: Eliminate Risks and Cut Costs with AI-Powered Identity Analytics” webinar with ForgeRock and Accenture to learn more.   


*** This is a Security Bloggers Network syndicated blog from Forgerock Blog authored by Tim Bedard. Read the original post at:

Avatar photo

Tim Bedard

Tim Bedard is responsible for OneSpan’s Trusted Identity Platform security solutions for financial services. With more than twenty years of IT security experience, Tim has successfully launched multiple cloud-based security, compliance and identity and access management (IAM) offerings with responsibilities for strategic planning to go-to-market execution. Previously, he has held leadership positions in product strategy, product management and marketing at SailPoint Technologies, RSA Security and CA Technologies. Tim is active security evangelist at industry leading tradeshows and events.

tim-bedard has 17 posts and counting.See all posts by tim-bedard