Identity Automation at Scale

by Erin Geiger, Content Lead @Lumos

Companies need technology to grow. But all too often, companies need to grow in order to use technology, which is a problem for companies trying to grow and operate on limited budgets. Let’s explain. Every company uses technology. That’s a given in today’s world. Employees use connected devices and apps to do their jobs. Currently, employees use an average of 110 SaaS apps for work, up from eight just five years ago.

Employees need access to the right apps at the right time to be able to do their jobs, but not so much access that they become a privacy or security threat. So IT teams work behind the scenes to manually add, remove, or change app access levels depending on employment status.

Manual provisioning may work well when the company is still small. But rapid growth equals more new employees, more promotions and job changes, and even more apps, all of which require more from IT’s already limited resources. Throw in tight budgets, and IT simply can’t grow at the rate needed to keep up with the company’s technology needs. At some point, manual provisioning simply doesn’t scale.

So now what? Automated provisioning, that’s what.

What’s so great about automated provisioning?

First, let’s back up and talk about security and identity governance. Identity governance defines and enforces policies surrounding user identities and company software. Underneath identity governance is identity access management, which links all employees to their devices, data, and apps based on their roles within the company.

This helps IT teams understand who has access to what so they can identify any risks and hopefully mitigate issues before they happen. For example, if an employee separates from service, the person no longer needs access to any company apps. If the right identity access management parameters are in place, access termination should happen right away and deprovisioning should be a breeze.

But swamped IT teams at growing companies don’t always get to things right away. So employees may have company app access long after they’re gone. This opens the company up to a host of issues, including bad actors as well as security and data breaches. Or, new employees may not have the access they need, which can hinder productivity. And this is where automated provisioning helps companies stay safe and IT teams stay sane.

The nuts and bolts of automated provisioning

Automated provisioning is the first part of identity access management. It’s when employees are automatically granted access to apps and permissions within those apps based on their roles within the company. Companies can use automated provisioning not only to grant access but also to deprovision employees when their roles change or when they leave the company. Since automated provisioning works without human intervention, it’s far more efficient than manually managing access requests, making it ideal for rapidly growing companies.

Here’s how it works: In a manual process, an employee submits an access request. The IT department then takes that request to the right stakeholders for approval. Once managers approve the request, IT processes it and grants the user access. It’s a lot of work, especially when companies have several hundred (or more) employees.

Automated provisioning automates the approval workflows so IT departments aren’t stuck manually managing access requests. All users are assigned roles in the company’s identity management platform. Each role comes with permissions assigned for a predefined set of applications. For example, any employee with an HR Manager title will automatically receive access to Workday accompanied by a certain set of permissions.

If the person changes jobs within the company or leaves, their role will change in the identity management platform. That change will trigger either a change in permissions or a complete revocation of access. Because access is associated with various roles, users can also make bulk changes to user permissions on a master level. We like to call it smart provisioning.
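The role-to-permission mapping and the role-change trigger described above amount to a reconciliation step: compute what a user should hold, compare it with what they hold, and emit revokes and grants. The following is an added example, not Lumos code; apart from the HR Manager and Workday pairing taken from the article, every role, app, user and permission name is constructed.

```python
from dataclasses import dataclass

# Constructed role catalogue: role -> {app: permissions}.
# "HR Manager" -> Workday follows the article; everything else is assumed.
ROLE_ENTITLEMENTS = {
    "HR Manager": {"Workday": {"view_employees", "edit_compensation"},
                   "Slack": {"member"}},
    "Engineer": {"GitHub": {"write"}, "Slack": {"member"}},
}

@dataclass(frozen=True)
class Change:
    action: str  # "grant" or "revoke"
    user: str
    app: str
    permission: str

def desired_access(role, active):
    """(app, permission) pairs a user should hold right now.

    Fails closed: leavers and roles missing from the catalogue get nothing.
    """
    if not active:
        return set()
    apps = ROLE_ENTITLEMENTS.get(role, {})
    return {(app, perm) for app, perms in apps.items() for perm in perms}

def reconcile(user, role, active, current):
    """Diff desired against current access into an ordered change list.

    current is the set of (app, permission) pairs the user holds today,
    including anything granted outside the role model. Revocations are
    listed first so removal never waits behind a failed grant.
    """
    want = desired_access(role, active)
    revokes = [Change("revoke", user, a, p) for a, p in sorted(current - want)]
    grants = [Change("grant", user, a, p) for a, p in sorted(want - current)]
    return revokes + grants

if __name__ == "__main__":
    hr = desired_access("HR Manager", True)
    # Mover: HR Manager becomes Engineer; Workday is revoked, Slack is kept.
    for c in reconcile("dana", "Engineer", True, hr):
        print(c)
    # Leaver with one out-of-band grant: everything is revoked, including it.
    held = desired_access("Engineer", True) | {("Salesforce", "admin")}
    for c in reconcile("lee", "Engineer", False, held):
        print(c)
```

Running the same reconciliation on a schedule, not only on role-change events, also surfaces access that was granted outside the role model.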

But automation only works when combined with self-service access requests. Self-service access requests require a centralized company appstore. Employees can use the appstore to browse and discover apps that are relevant to their jobs and request and gain access to those apps from one interface, without IT help. With the self-service appstore, growing companies can automate onboarding, role change, and offboarding requests so employees can quickly access the apps they need.

The best part? Self-service saves IT teams time while still maintaining security and compliance. In fact, the median time to resolution (TTR) of an access request submitted through an appstore is just three minutes, saving 230 employee days every year.

Why you needed to automate yesterday (the benefits)

Automated provisioning isn’t just nice to have; it’s essential. Think about it this way: If a company has ten employees and uses ten apps, then IT will receive anywhere from 10 to 100 access requests. Multiply that by 300 employees and 200 apps, and suddenly IT teams can find themselves spending entire days managing access requests and deprovisioning. It’s not efficient; it’s not cost-effective. It’s also not necessarily secure and compliant because let’s face it, we’re human and mistakes happen.

Automation streamlines provisioning and deprovisioning into one efficient process and removes the heavy lift from IT. Once companies enter employee roles into their identity management system, they’re good to go. Onboarding, role changes, and offboarding are handled automatically, which frees IT to be more productive and focus on other important tasks. They can work on the things they want and maybe even have the brain space to innovate in their roles. It’s also safe to say that when IT isn’t mired in access request support tickets it increases their morale.

But IT isn’t the only department that becomes more productive. When employees have day-one access to the apps they need to do their jobs, they’re productive faster. As every company knows, time savings equals cost savings.

In addition to increasing efficiency and productivity, automated provisioning decreases mistakes, which increases security and compliance. Since there are no manual processes, the IT department can’t accidentally give a person access to the wrong application. Employees also have no way of accessing information that isn’t within the scope of their predefined role. Team members automatically gain or lose access the second their role is changed, which means there’s no risk of a terminated employee maintaining access to company applications.

By storing all roles and access parameters in the identity management system, companies also have complete visibility into who has access to what. Not only does this reduce security risks, but this granular level of visibility also makes it easy to keep an audit trail. With automated provisioning, here at Lumos we’ve witnessed companies that have seen their median TTR fall to under a minute. By consolidating multiple streams of access requests into one that leverages secure automation, companies have their provisioning process buttoned up and ready to go.

At the end of the day, automated provisioning should be called smart automated provisioning because it’s exactly that. Automated provisioning is the smart thing to do because it lifts the burden off employees while increasing efficiency, productivity, and security.

It just so happens that at Lumos, we’re all about giving your IT team their time back. Time back to innovate. Time back to progress your company goals further. Time back to support your workforce in their critical initiatives. Time back to love their job again. Let’s chat! Book a demo to see what we’re all about here.