GRC Evolution
Definitions change. Requirements too. What once began as Identity Management is much more effective today.
It is not always strictly interpreted what the department can do for an organization today. This means that the terms are also used differently. We want to counteract the general confusion and show here the evolution from the former IDM to today’s GRC, the highest evolutionary level.
IDM
Identity Management
Digital identities
-> Objective: the reduction of user administration
IAM
Identity & Access Management
+Creation of role models
-> Objective: to simplify the assignment of access and rights
IAG
Identity Access Governance
+Approval processes
+Validations of authorizations
+Traceability of authorizations
-> Objective: the enforcement of guidelines and adherence to compliance
IGA
Identity Governance & Administration
“Gartner” definition: merging of two magic quadrants:
User administration & provisioning
Identity & Access Governance
-> Objective: the merger of several supplier products
GRC
Governance, Risk Management & Compliance
Summary of the three most important levels of action:
IT Governance
IT Risk Managament
Compliance
Centralization of the complete identity life cycle
Extensive automation
-> Objective: consistent information security