Why Identity Governance Is Ripe for a “Shift Left” Approach


As organizations seek to bolster security and improve the user experience, the “Shift Left” movement is gaining steam. The term actually has a number of definitions, depending on context. In software development, where it originated, Shift Left refers to an approach in which testing is done earlier in the process — that is, it is shifted left on the project timeline. In DevOps, it means security is incorporated into applications throughout the development life cycle rather than simply “bolted on” at the end.

In the IT service management (ITSM) context, Shift Left brings support as close as possible to users, ideally extending help desk resources to the users themselves in the form of automation and self-service tools. This approach is better suited to the way users consume IT services and to the streamlined experience demanded by today’s digitally empowered workforce.

Password resets illustrate the benefit of a Shift Left approach. According to IT service and technical support association HDI, password resets are the number one IT support issue, accounting for more than 30 percent of help desk requests. However, funneling password resets through the help desk is a costly, productivity-draining proposition. Users need self-service tools that enable them to manage their passwords without involving IT.

Access requests are also ripe for automation. Most organizations have complex, manual workflows for onboarding new users and granting access to resources. Access requests might require management approval, further delaying the process and frustrating end-users. These delays can lead IT to grant users more privileges than they need, creating security and regulatory compliance risks.

By automating access request processes, organizations can empower business users to manage identities and access privileges. Users can be onboarded and offboarded quickly based on roles and policy-based rules engines. Existing users can also submit requests for additional access, which are automatically routed to the appropriate manager for approval.

Extending automation and self-service to on-premises and cloud-based applications can be done via Oracle Identity Governance, a user provisioning, password management, and compliance platform. The Identity Self Service interface gives users the ability to manage their profiles, passwords, and challenge questions. An access catalog presents the available options in a nontechnical, user-friendly manner, making it simple for users to request the resources they need.

Authorized users can easily review and approve access requests, certify other users, and perform manual provisioning tasks as needed. Access can also be granted automatically by using roles, which can be created and managed by business users. Oracle Identity Governance can also scan access requests against existing entitlements to identify potential policy violations. If an access request is rejected, the system initiates a workflow that enables business managers or IT administrators to correct the policy violation by deprovisioning existing access, allowing an exception, or taking other actions.
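
The request screening described above, sketched as an added example; it is not Oracle Identity Governance code and does not use its API. The entitlement names, roles, and segregation-of-duties rules are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: pairs of entitlements one user must not hold together.
SOD_RULES = {
    frozenset({"ap_create_vendor", "ap_approve_payment"}),
    frozenset({"db_admin", "audit_log_reader"}),
}

# Constructed role model: entitlements a role grants without individual approval.
ROLE_ENTITLEMENTS = {
    "accounts_payable_clerk": {"ap_create_vendor", "erp_login"},
    "engineer": {"git_write", "vpn"},
}


@dataclass
class User:
    name: str
    manager: str
    roles: set
    entitlements: set  # access the user already holds


def sod_conflicts(user, requested):
    """Return the existing entitlements that conflict with the requested one."""
    return sorted(
        e for e in user.entitlements
        if e != requested and frozenset({e, requested}) in SOD_RULES
    )


def evaluate_request(user, requested):
    """Decide how a self-service request is handled before anything is provisioned."""
    if requested in user.entitlements:
        return {"decision": "already_granted"}
    conflicts = sod_conflicts(user, requested)
    if conflicts:
        # The policy check runs first, so a role can never auto-grant a violation.
        return {
            "decision": "rejected",
            "conflicts": conflicts,
            "route_to": user.manager,
            "remediation": ["deprovision_existing", "allow_exception"],
        }
    if any(requested in ROLE_ENTITLEMENTS.get(r, ()) for r in user.roles):
        return {"decision": "auto_granted"}
    return {"decision": "pending_approval", "route_to": user.manager}
```

Running the policy check before the role lookup is the design point: automation speeds up compliant requests without becoming a path around the policy.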

Oracle Identity Governance boosts end-user and IT productivity and business responsiveness while reducing costs. It also increases security and regulatory compliance by reducing the risk of unauthorized access, identifying users who have access to sensitive data, and consistently enforcing policies across the environment.

Our next post will delve deeper into the security features of Oracle Identity Governance, including privileged account management. In the meantime, contact the Clango team to discuss how this powerful tool can streamline operations and enhance the user experience through a Shift Left approach to identity governance.


For more information about the Shift Left approach to identity governance, please send us an email at (
