1. Security and Risk Reduction Metrics

The primary goal of a modern identity governance and administration (IGA) solution is to enforce concepts like the Principle of Least Privilege and actively reduce the identity attack surface, as emphasized in the transition to Zero Standing Privilege (ZSP) and the focus on Identity Security Posture Management (ISPM).

• Access Risk Reduction: Target a reduction in users with unneeded or excessive access (Orphaned Accounts, Stale Access).

• Segregation of Duties (SoD) Violations: Decrease in total SoD policy violations by a measurable percentage within a finite timeframe (e.g. within 6 months).

• Time-to-Remediation: Decrease the time required to revoke access for high-risk or compromised identities.