Solution Brief: Reduce IT Friction - Automate the Identity Lifecycle to Streamline IT Operations
Executive Summary
Whether it is a large enterprise or a company growing at a fast pace, when it comes to managing the identity lifecycle, IT teams become a bottleneck for providing access and a security risk when it’s time to remove it.
Manual processes and automation through scripts that require ongoing maintenance is how many companies choose to manage onboarding, transitions and offboarding often to realise that with the pace of change in the business and increased adoption of cloud applications these approaches cannot scale. A modern identity lifecycle management to streamline operations, provide day one access, and prevent former users retaining business accounts is required.
Such an identity strategy helps businesses increase agility by deploying a single identity architecture, and facilitating change through automating many IT lifecycles. Businesses that embrace this change are able to decrease costs, increase efficiency and their security posture at the same time.
The Challenge: Increasing Pace of Change
If there is any constant in modern business and IT, it’s change.
• Companies who used to have a handful of applications to manage for just their core employee base, now adopt cloud services in the tens or hundreds, adding new ones every month.
• IT is now managing an increasing amount of identities that are considered non-employee.
• Compounding reality is the fact that IT organisations are constantly being asked to do more with less. To provide value to shareholders, IT organisations push for efficiency, which often means making tough prioritisation choices.
There’s a desire to focus on innovation so the business can keep growing, but agility, availability and cost, often become the focus.
Integration periods stifle innovation, along with on-prem system failures, slow onboarding process that impacts the entire company, as well as an overwhelming amounts of service requests directed at IT. Security is also applying pressure, with risk of breach from error prone manual process and lack of visibility into who has access to what.
Business areas impacted from manual identity lifecycle management
Left unchecked these impacts become a massive burden:
• 40% of the workforce is going to be flexible (non-employee) by 2020 from 20% today
• 81% of employees admitted to using unauthorised SaaS applications
• 73% of IT leaders agreed that keeping track of identity and permissions across environments is a primary challenge
Providing Day One Access
A survey, held by Okta’s partner ServiceNow, found that 8 in 10 companies both large and small, still use unstructured manual tools such as email, spreadsheets and even personal visits to drive routine work processes, and fewer than 1 in 10 have automated applications assignment for employee onboarding. The result is frustrated and unproductive employees, and an overwhelmed IT department.
Modern organisations provide self-service tools like password reset or access requests, through a single identity management system. Account management is downstream applications are automated using provisioning connectors and access decisions are delegated to right people automatically without generating IT tickets.
Okta streamlines day one access
The result is faster integration of acquired products and services, IT focus shifting to money generating initiatives and reduced likelihood of assignment error or unauthorised access.
Creating a Single Source of Truth
Every company needs a directory to manage information on employees joining, moving and leaving the organisation. HR owns that directory, but IT needs its own directory for managing access and permissions. In some cases, IT will have more than one directory to manage—one for contractors and partners, and one that they inherited from an acquisition or a merger, etc. IT is typically tasked with keeping information across all systems up to date, and that includes all downstream applications profiles, which turns into a tedious ongoing task.
Okta has collected data from customers and found that an organisation can spend up to 6,250 hours a year on tasks like change requests5. This includes updating downstream accounts in applications, informing HR and other tasks required by the business.
The friction created by directories sprawl also includes expensive cross domain infrastructure, error-prone processes that create security holes and lack of visibility into compliance.
Leveraging a modern cloud directory and connecting it to all the sources of truth in the organisation, like HR, active directory, and results in information being automatically synced, no need for investing time and effort in how to scale infrastructure, and out-of-the-box real-time security and audit reporting.
Creating a single source of truth with Okta
Staying Secure with Comprehensive Offboarding
Even a single account of one employee that was left active for any reason, might create a security loophole. According to a security survey “More than 13% of respondents can still access a previous employer’s’ systems using their old credentials.” Additionally, in a recent survey done by IDG, IT professionals attested it takes 47 hours on average to manually offboard and deactivate a user who has left the organisation.
While HR is tasked with offboarding users and maybe deactivating accounts in payroll or travel systems, it’s too often a few days before anyone tells IT that the employee has been terminated. This is exactly the time, where an employee who was involuntarily terminated may be most motivated to inflict damage however possible. When that happens, the average cost of a data breach in the US is estimated at a staggering $7M7 . While some organisations can recover or bare the cost, the trust with their