A Siloed Approach to Identity Governance Puts Organizations at Risk


There’s a mind-boggling array of security solutions on the market today, many of which address individual security threats. It can be tempting to assemble a security environment piecemeal, as threats arise, but this leads to a siloed approach that leaves gaps and blind spots.

Identity governance is often placed in its own silo, separate from threat intelligence, behavioral analysis, and other security disciplines. This stems in part from the traditional role of identity management as a means of controlling access to internal IT systems. However, that role has changed with the rise of mobile and the cloud and the growing push for digital transformation. We can see that identity governance is a critical component of the modern cybersecurity strategy and must work in concert with other security tools.

The cloud and mobile have created a porous perimeter that can only be secured through identity. Identity and access management systems must be able to control which users and devices are authenticated, what applications and services they can access, and what they are allowed to do once they access them. The effectiveness of this process is especially crucial when it comes to privileged access. Privileged credentials must be protected to prevent malicious insiders from gaining administrator-level access to mission-critical systems.

If an attacker is able to gain access using legitimate credentials, however, all bets are off. Legacy siloed identity management systems are not able to detect and mitigate this threat.

It takes an integrated approach to identity governance to leverage contextual information to reduce risk. Such an approach helps IT and the business users who authorize access privileges to understand the risks associated with that access from a business perspective. It also coordinates with threat detection and response systems to alert IT teams to access attempts that appear to correlate with a security threat.

RSA’s Identity Governance and Lifecycle solution goes beyond traditional identity management to deliver in-depth visibility across the extended IT environment. This solution enables IT teams to identify and manage high-risk users and roles and ensure uniform enforcement of policies. It also automates the process of requesting, approving, and provisioning access to reduce the risk of shortcuts and workarounds that weaken security.

Advanced, risk-based analytics further increase efficiency by assessing entitlements and access data in a business context to identify policy violations and risk. RSA Identity Governance and Lifecycle also continuously evaluates role-based access to help IT teams meet compliance requirements.

Most importantly, RSA integrates Identity Governance and Lifecycle with its entire portfolio, making it possible to leverage identity as a security and risk control mechanism. Identity Governance and Lifecycle connects with the RSA Archer Suite and combines with RSA SecurID Access to enable risk-based access decisions and authentication. The RSA NetWitness Platform enables security operations teams to use Identity Governance and Lifecycle to better investigate and remediate identity-based attacks.

All this helps organizations contend with the fact that the siloed approach to security is no longer effective as they seek to defend applications and data across the extended IT infrastructure. Strong identity and access management is essential for authenticating remote and mobile users and detecting access-related threats.

Clango is an authorized reseller and RSA Certified Partner specializing in RSA’s Identity Governance and Lifecycle, SecureID Access, and Archer offerings. Let us show you how the integration of these solutions can provide comprehensive protection against identity-based risks.


For more information about RSA, please send us an email at (

Comments Closed.