Automation Complements Access Governance To Reduce Risk

As budgets continue to be in flux, and IT and security teams must reduce risk using fewer resources, automation - a key business enabler - is becoming paramount. This 2020 survey fromBravura Security and Pulse of 100 Higher Education IT Executives uncovers the discrepancy between the IAM processes currently in place and what best practices truly are-especially when it comes to the benefits of IAM automation.

According to a recent survey on identity and access management (IAM) best practices in higher education institutions, CIOs consider Identity Governance and Administration (IGA) the best approach. However, IAM automation also needs to be a top priority — proving a conflict between what respondents have implemented today and what best practices truly are.

The survey, conducted by Gartner on behalf of Bravura Security, focused on changes in priorities for IT leaders in higher ed, emphasizing reducing risk using fewer resources. Automation — a key business enabler — is becoming paramount. Almost all leaders surveyed agree that a governance-first initiative is the most effective way to initiate and manage an ongoing IAM program, and also report they plan to automate 100% of their IAM processes.

The pandemic has threatened most institutions' IT budgets, with 100% of CIOs reporting that budgets and existing infrastructure investments are preventing full IAM automation. Due to these new 2020 challenges, 93% of respondents say managing the provisioning and de-provisioning of entitlements has become more challenging this year without automation.

As a result, 99% of these executives say that automating IAM processes that specifically handle the increasing number of layoffs and resources privileged users can access would help them boost the productivity and security of their organization.

The main business benefits of automation identified include:

• reducing institutional security risk (69%),
• boosted confidence in compliance status (65%)
• and a shift from reactive to proactive threat detection (59%).

"Higher ed CIOs and IT Leaders are understandably conflicted between governance and automation," said Kevin Nix, CEO at Bravura Security. "The market has told them for years that a governance-first approach is the best practice for IAM. By implementing automation, they can improve governance and certification while keeping within budget. Hackers use automation — why shouldn't higher ed?"

Other survey findings include:

• Three-quarters of higher ed CIOs say executive buy-in impedes automation.
• While only 13% of higher education IT executives cite the improvement of end-user experience (UX) as the main benefit they hope to derive from IAM automation, two thirds (67%) rate Ux’s influence over the IAM roadmap as at least a 4 on a scale of 1-5.
• Nearly all (99%) respondents believe their organization's security and productivity would benefit from automation IAM processes that specifically handle the increasing number of layoffs and resources privileged users can access.