Stop optimizing the parts instead of the whole. Learn how to apply Systems Thinking to your Identity Management strategy.
As organizations grow, they eventually cross a threshold where they can no longer afford to manually administer and manage user access; at this point, they must find a way to automate routine user administration tasks. These organizations invest heavily in Identity Management programs to address these challenges, improve scalability and performance, and enhance the end-user experience. In order to achieve these changes to processes and systems, organizations are often required to think differently about their user lifecycle management challenges. As they begin to tightly integrate their HR systems and process with their IT systems, too many organizations rely on a traditional analytical thinking approach to these issues. This approach supports incremental improvements, but not organizational excellence. A better approach is to apply Systems Thinking to deliver sustainable success.
Systems thinking provides a way of gaining a big-picture view of commonly occurring systemic problems in organizations, namely, the tendency to implement “Band-Aid” fixes and the tendency to shift the burden from one functional area to another. Understanding these two common pitfalls in problem-solving is particularly useful in understanding and resolving problems that frequently plague Identity Management-related process improvement efforts. Identity Management Projects often have long lead times and, as a result, issues can arise and grow for a long time without anyone outside the project being made aware. When issues like this do arise, teams need to take the time to address them holistically and avoid falling into the Band-Aid-fixing or burden-shifting trap. The best way to avoid these detours is to understand them in order to identify them when they occur and know how to handle them.
Band-Aids Offer Little Help
When confronted with a new issue, teams often look for the simplest, or most straightforward, solution that can be applied to the problem. At the moment, it may seem like a good idea because it means the team can take action to manage the problem quickly and go back to doing routine administrative work with minimal disruption. However, these simple solutions are commonly arrived at with little analysis and without a thorough understanding of the issue at hand. This results in unintended consequences, including creating new issues in other areas of the business or leading to the reappearance of the issue later because it wasn’t properly fixed the first time. The better approach is to address the problem properly when it first arises by considering the effects of the solution holistically and taking a long view of the outcomes. Not only is time saved in the long run because the issue doesn’t appear again, but it contributes to better overall product quality and higher satisfaction of everyone involved.
Shifting the Burden
Shifting the burden usually begins with a problem (e.g. integration errors) that prompts someone to intervene and solve it. The solution is obvious and immediate, and it relieves the symptom quickly but takes attention away from the real problem: the true cause of the integration issue. As time goes on and more integration issues occur, the same approach that was used to fix the first issue is used repeatedly. Over time, this transfers defect resolution from those who are responsible for the integration to the team that keeps patching them. One example of this is where the System of Record (i.e. the HRIS system) is no longer acting as the authoritative source and the IAM solution takes over user event management. The insidious side effect is that the focus shifts from fixing the root-cause to ‘passing the buck’ in a way that often hurts service levels by burdening the existing delivery processes with overly bureaucratic standards and procedures.
Systems thinking challenges the conventional wisdom that any action taken to improve a situation in the short-term will also improve conditions in the long-term. In reality, “quick fixes” to complex problems often create unintended consequences that neutralize initial gains or actually make matters worse in the long run; reducing service levels while driving up costs. These fixes wind up optimizing the individual parts, but not the whole system, which has to work together to function properly. If the IAM program loses sight of its overall vision or goals, a focus on short-term fixes usually takes over. These quick-fix solutions usually erode the long-term capabilities of the system, and thus the value they deliver to the organization.
- Involve stakeholders from different functional areas that touch the processes and systems before attempting to define and solve a given IAM problem
- Look beyond the ‘crisis du jour’ and consider the long-term sustainability of the solution before making the decision to implement a quick fix
- Committing to long-term change is challenging. Both the HR and IAM teams need a shared vision for what they are trying to accomplish (e.g. IAM maturity model) and persevere through the difficult discussions and decisions that are part of any systemic change
- Recognize that quick fixes often have unintended consequences that should be anticipated. If organizations lose sight of the long-term goals while they work on the short-term problems, the more likely it is that their IAM program will fail.
Read more about how you can apply Systems Thinking to your Identity Management strategy:
- Role Based Access Control (RBAC) and Systems Thinking
- Using Systems Thinking to Handle Errors In Your IAM Solution
Follow @Idenhaus on Twitter and subscribe to our biweekly newsletter.
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us