Beyond Traditional IGA: Lumos Delivers Zero Trust Identity Governance for the Modern Enterprise
As cyberthreats continue to evolve, managing access to sensitive resources is a growing challenge for organizations. Lumos, a relatively new player in the identity governance and administration (IGA) space, is making waves with its innovative approach. This tech note explores how Lumos’ technology simplifies access management while bolstering security.
Lumos is a relatively new entrant in the IGA market, but its leadership team brings decades of experience in identity and access management. The company's flagship product, the Lumos Platform, is designed to address the growing complexities of managing access in modern IT environments, particularly those with a mix of cloud and on-premises systems.
Source: Lumos, website, 2024
Unified Access Graph and Data Ingestion
At the core of Lumos is a powerful unified access graph that can ingest data from various sources such as HRIS, IdPs, groups, and entitlements, including Salesforce's permission sets. This ability to integrate and analyze diverse data sources gives organizations a comprehensive view of access across the entire enterprise.
Moreover, Lumos also supports the ingestion of contract data, enabling a holistic view of identity-related information. This capability is crucial for maintaining accurate and up-to-date access records, particularly in complex environments with multiple data sources.
Identity Lifecycle and Advanced Features
Lumos addresses the entire identity lifecycle: Joiner, Mover, Leaver (J/M/L) processes are fully supported, ensuring that identity management aligns with organizational changes. The platform supports Just-in-Time (JiT) access with time-based self-service features, akin to a virtual app store, allowing users to request access as needed.
For organizations focused on access governance, Lumos offers robust capabilities for user access reviews (UARs) and user attestations as well as SaaS management to mitigate shadow IT risks. The platform can handle both managed and unmanaged access, providing flexibility while ensuring security.
Lumos also excels in managing software licenses, tracking usage, and costs to prevent overallocation – a common issue that can lead to significant expenses. The platform’s ability to manage licenses and trigger workflows after periods of inactivity ensures that resources are allocated efficiently, reducing waste and optimizing spend.
Source: Lumos, website, 2024
Audit Logs and Delta Reviews
Audit log management is another area where Lumos stands out. The platform can display comprehensive audit logs and supports Delta reviews, which focus only on what has changed since the last review. This feature is particularly beneficial for mitigating access review fatigue, ensuring that security teams remain engaged and effective.
Source: Lumos, website, 2024
Vendor Agreement Management
One of the differentiators of Lumos is its vendor agreement management capability. The platform not only tracks active and inactive licenses but also manages renewal costs and can automatically remove unused licenses. This feature is enhanced by the ability to trigger workflows after detecting inactivity over a defined period, ensuring that licenses are not only managed but optimized.
Source: Lumos, website, 2024
Automated Entitlement Adjustments for Movers
Lumos also offers advanced automation for adjusting entitlements as employees move within the organization. For instance, if an employee relocates from New York to Los Angeles, Lumos can automatically modify their entitlements to reflect the principle of least privilege, reducing the risk of over-privileged access.
Lumos tackles a fundamental visibility problem: getting a clear picture of who (or what) has access to which resources. The Lumos Platform shines a light on every identity – from employees to automated systems – and their permissions, right down to the smallest detail. This visibility is quite comprehensive, providing complete visibility into all identities within an organization, including human users, non-human entities (like service accounts and bots), and even local accounts. This granular insight extends to resource access, drilling down to the role and entitlement levels. By understanding who has access to what and why, organizations gain the control needed to mitigate risks, ensure compliance, and optimize access management strategies.
Source: Lumos, website, 2024
Birthright Access
Lumos allows organizations to minimize birthright access through its pre-approval rules feature. By configuring these rules, administrators can specify:
- Who is pre-approved: Define specific users or groups who are automatically granted access to certain resources or permissions without requiring individual approval.
- What permissions are pre-approved: Determine the exact access rights that pre-approved users or groups will receive.
- Business justification: Document the reasoning behind the pre-approval rule to ensure compliance and maintain a clear audit trail.
- Additional conditions (optional): Add further conditions to refine the pre-approval rule based on factors like time-based access or specific triggers.
This granular control over access provisioning helps organizations reduce the risk of over-privileged users and ensure that access is aligned with business needs. Pre-approving access to collaboration apps for certain roles can potentially reduce unnecessary license assignments and costs.
By using Lumos' pre-approval rules and other features like JiT access and access reviews, organizations can adopt a ZSP model and significantly reduce the potential for unauthorized access or data breaches caused by excessive birthright permissions.
Source: Lumos, website, 2024
Access Control and Integration
Lumos recognizes the diverse nature of modern IT environments. It supports both time-based and policy-based access controls, including traditional role-based access control (RBAC) and more nuanced location-based policies such as attribute-based access control (ABAC). Furthermore, its integration with tools like Slack and ServiceNow, along with automation capabilities through APIs and Terraform, make it adaptable to various workflows. Lumos also employs AI to automatically maintain policies based on real-world data, reducing the burden on administrators.
Lumos doesn't just focus on functionality; it prioritizes user experience. The platform's intuitive interface makes it easy for both administrators and end users to manage access. Building on my previous statement, employees can request access through familiar channels like Slack or a web portal, while administrators have a centralized dashboard for overseeing the entire process. This user-friendly approach promotes a positive security culture, making it more likely that employees will follow established protocols.
Source: Lumos, website, 2024
Lumos seamlessly integrates with popular cloud platforms as well as a wide range of identity providers (IdPs) like AWS and Entra, ensuring smooth access management across your entire IT landscape. By harnessing the power of AI, Lumos automates routine tasks like policy updates and critical access reviews, freeing up valuable IT resources for strategic initiatives.
Alignment With Zero Trust
Lumos' philosophy aligns with the zero trust security model, which assumes no implicit trust and continuously verifies access. The platform's support for zero standing privileges and micro-certifications (dynamic, short, focused access reviews triggered by specific events) helps organizations reduce the risk of unauthorized access. Additionally, integration with security orchestration, automation, and response (SOAR) tools allows for automated access reviews in response to detected anomalies, further enhancing security. Some additional highlights from my demo uncovered valuable features, such as:
- Rapid Deployment: Lumos is designed to get up and running quickly, minimizing disruption to your operations.
- Flexible Policy Management: Customize access controls to meet your organization's specific needs, either through an intuitive interface or with Terraform for automated configuration.
- Customer-Centric Support: Lumos offers robust support and training resources to ensure your organization gets the most out of the platform.
Our Take
Lumos represents the next generation of IGA solutions, ones that align exceptionally well with the demands of a zero trust architecture and prioritize comprehensive visibility, end-to-end access management, and an optimal user experience. Its innovative features, such as AI-powered automation and next-generation access certifications, position it well to meet the evolving challenges of identity and access management in the modern enterprise.
In the complex and unpredictable world of cybersecurity, organizations need adaptable solutions to protect their valuable data and systems. Lumos' focus on user-friendliness, streamlined automation, and adherence to zero trust principles makes it a strong contender for companies looking to bolster their defenses and simplify access management.
Want to Know More?
Mature Your Identity and Access Management Program | Info-Tech Research Group (infotech.com)
Assess and Govern Identity Security | Info-Tech Research Group (infotech.com)
Compliance and Identity Governance & Administration (IGA) Guide (lumos.com)
Best Identity Governance and Administration (IGA) Software 2024 | (softwarereviews.com)
Overview of Lumos Platform 🌟 (loom.com)