Identity governance and administration (IGA) refers to how organizations manage digital identities such as users, groups, applications, and data on their systems. It involves a series of controls and best practices that allow security teams to easily monitor, manage, and edit these identities and their permissions.
IGA can be separated into:
Identity governance: Managing identities during their lifecycle on the system. Involves defining access rights and roles, ensuring compliance with regulations, and monitoring user activity.
Identity administration: Executes the policies and procedures set up through identity governance. Involves the day-to-day tasks of handling user accounts, access privileges, password resets, and more.
IGA is useful for:
- Monitoring the system for access-based risks
- Creating team permissions for new projects and applications
- Safely collaborating with customers and third parties
- Automating the creation of roles and permissions
- Optimizing workflows
- Providing full visibility of nested access rights
- Making informed decisions about privilege levels
Why is IGA important?
Organizations typically need to modify permissions based on three main factors:
People: New hires, promotions, and transfers
Business: New products, applications, and partners
Infrastructure: Cloud migration, upgrades, and application updates
These changes can quickly scale and become complicated, which is why all identities within the organization should be given the proper permissions. That way, sensitive resources aren’t exposed and everybody can do their job properly.
IGA allows security teams to track and control these identities and the resources they have access to. This helps to prevent data breaches and attacks, automate role-based access controls, and ensure compliance with data privacy and security regulations.
The wrong permissions can lead to security risks such as:
- A bloated account with too many high-profile permissions, which can become a target for attackers.
- An insider threat accessing critical data and assets.
- An attacker escalating their privileges and moving laterally across the company system.
What are the differences between IGA, ILM, IAM, and PAM?
Organizations use IGA as a framework for governing all the identities in their system and remaining compliant with regulations. ILM is a key component of IGA that covers the operational aspects of creating, managing, and securing these identities. Both IGA and ILM encompass IAM and PAM, with PAM being a subset of IAM.
| Purpose | Scope | |
| Identity Governance and Administration (IGA) | Provides an overall security and compliance framework for identities | High-level identity management |
| Identity Lifecycle Management (ILM) | Managing identities across their entire lifecycle | Operational identity management |
| Identity and Access Management (IAM) | Managing the access that identities have to resources | Subset of IGA |
| Privileged Access Management (PAM) | Managing and securing privileged access | Subset of IGA and IAM |
