As a teenager growing up in the 80s, I had the luxury to discover U2 along with everyone else coming of age back then. Sure, they have gone on to become one of the greatest bands of our time, but for those of us who were there in the early days, experiencing this amazing band from Ireland felt quite special.
I had their cassette tape, U2 War, and I played it non-stop in my ’78 Thunderbird Coupe. While the anthems of “Sunday Bloody Sunday” and “New Year’s Day” were supreme, there was another track – “Two Hearts Beat as One” – that I also really liked. Bono bled his heart out on the track (he allegedly wrote the song while on honeymoon with his wife). The music video was filmed on Montmartre in Paris and had an energy that contributed to the impression the song made upon me.
Well, recently I was driving in my car and pondering my new role at Clear Skye. Lo and behold, “Two Hearts Beat as One” came on the radio. It struck me. The song was a metaphor for what I was about to embark upon.
You see, ITSM and IGA have had an interesting journey. I don’t think anyone could have anticipated it. While they are both relevant to ITSM, IT Security, Governance/Compliance and Workforce Automation, they generally fall under different teams. These teams ultimately roll up to the same leader (CIO/CFO); however, they don’t generally work together (different budgets, different day-to-day focus). We have two IT “hearts” beating separately.
What is the genesis of IGA at any company? It often starts with a Helpdesk request and the “Service Desk”. A ticket gets created to give someone access and the Helpdesk team does their best to fulfill and close that ticket. As a company gets bigger, they realize they need a more automated, standardized way to fulfill the crazy number of requests that hit the Helpdesk for provisioning system access to applications and data. They realize they need to overlay governance and compliance on top of the user administration the Helpdesk team is doing manually.
Enter IGA, a solution that allows a company to do access provisioning and governance at scale (i.e., visibility to who has access to what and the ability to certify that access is appropriate in an audit). This is where the second heart is born. The business said:
“Hey, ITSM team, keep doing what you’re doing, it’s the backbone of our IT service delivery to the business, but we need to do this separate thing that involves deeper identity governance and administration. We’ve procured a special solution to do that”.
Alas, we have two hearts – very important hearts – beating separately within the overall IT Security and Service Management landscape of a company.
I’ve witnessed this situation many times over the years. They are truly two different worlds. One world is about servicing the business and the increasing demand for incident response, access to systems, applications and non-digital assets to ensure we’re not impacting the “speed of business”. The other world – the IGA world – is dominated by IT security, role engineers, app owners and Identity architects that want to define the “desired state” by which all IGA implementations are measured: Do our workers (employees, contractors, customers) have the right access – and no more – to do their job effectively without introducing risk to the company and exposing us to breach.
It’s two hearts. Both are beating separately and doing their best to ensure IT administration, governance/compliance and workforce automation is in place to support secure digital transformation and adoption of the Cloud.
Anyone who’s been in the business a while can relate to this next point. So many IGA access requests originating in the external IGA system, end up as a ticket in the ITSM solution to be fulfilled. One heart beats separately from the other, but organizations have to bring the “blood” together to flow through the main arteries of IT operations and fulfillment. Then, ironically, they need to pump it back to the external IGA solution to close out the audit trail and manage “current state”.
What if we could merge these two hearts and have them beating together to increase the value of your ServiceNow investment while streamlining your IGA program and lowering your TCO?
That’s two hearts beating as one. That’s a better way to IGA.
With apologies to Bono…