IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
The more employees, the more necessary identity automation becomes. Depending on your industry, there may be regulations such as HIPAA or Sarbanes-Oxley that force you to have a roust identity governance policy in order to be in compliance. So determining whether your business falls under these or other laws, and what the law requires for compliance would be my first step in creating an identity governance policy. Beyond that, some of it is common sense whether automated or not, such as purging accounts of former employees. Identity governance is an automated process of controlling and managing user access to company data, so it is more than just the issuance and recovery of lost passwords. In the end, the central purpose is to track identity related items that represent a risk of financial loss or damage to your company reputation. There are plenty of vendors that can provide identity management tools, and it would probably make your life easier. You have to be confident that the correct people have access to the appropriate system, and all identities are properly assigned and controlled.