IAM is more than technology implementation. That’s why you need an Identity Management strategy.
On its face, Identity Management (IAM) appears to be a straightforward exercise. It’s about validating a user’s identity and determining which user should have access to what. Simple, we’ll buy a product, install it, put in a few connectors, and there we go! How hard can it be? Unfortunately, IAM is one of those solutions that sounds easy but is actually really difficult to get right. Statistically, more than half of IAM projects fail the first time, and even those that “succeed” usually fall short of expectations. So how do we get on the right side of the percentages?
[feature_box style=”10″ only_advanced=”There%20are%20no%20title%20options%20for%20the%20choosen%20style” alignment=”left”]
Before you continue reading, how about following us on LinkedIn?
[/feature_box]
When we look at the organizations that struggle with the mess of data around users and systems, it becomes clear that significant changes are required. We have to get away from the idea that we can manage identities in a completely linear fashion like we might manage a production line. Instead, we need to think about developing flexible strategies that adapt to business changes and support some level of ‘organizational chaos’.
A formal Identity Management strategy allows us to work together on common challenges and opportunities, rather than approach them in isolation. Over the life of the strategy, planning and evaluation of activities provide important information and reflection of what is achieved. By evaluating opportunities will provide a line of sight into the progress of the strategy towards its goal and where there are issues requiring new approaches. In other words, the strategy has to be actionable and we have to hold ourselves accountable.
An IAM strategy should inspire and challenge the organization to drive transformation beyond the confines and limitations of business as usual approaches.
An Identity Management Strategy needs to cover these 4 areas to be successful:
1. Assess Processes, Policies, and IT Architecture
Developing an Identity Management strategy begins by understanding where you are. Conduct a formal analysis of HR Systems, user lifecycle processes (join, move, leave), your Active Directory/Azure environments, provisioning processes, and internal competencies. At the end of this phase, you will know your strengths and your struggles.
2. Identify Opportunities
A key part of the assessment is not only reviewing processes and systems but also talking to internal and external stakeholders to discover new opportunities to leverage IAM. Identify metrics to provide an evidenced-based narrative on the contribution an opportunity makes to the business and technology aspects of the organization.
3. Gain Stakeholder Buy-In
The first two steps in an Identity Management strategy are about understanding where you are and identifying where you would like to be. Conducting interviews across the organization drives awareness, makes the business a part of the process, and makes it much more likely that we will build what people need. Everything we build should be in response to the business pulling. To be truly innovative in harnessing the benefits of IAM, the business should have the ability to consider a portfolio-wide, strategic approach to advancing technologies and driving the direction of its investment, rather than simply monitoring the implementation and progress of initiatives.
4. Vision and a Plan
Create a roadmap for getting from where we are today to our desired end state. Supermarket analogy: packaged, categorized items, each with a cost of production and a price. These measurable outcomes developed in partnership with the business The Strategy will guide investments in digital transformation and help align the organizations spend on IAM to improve outcomes for stakeholders and businesses.
IAM solutions can get unnecessarily complicated in a hurry. The ultimate goal is to deliver superb solution quality and excellent value to the organization, which Idenhaus believes can exist together. For many organizations, this has been a formidable goal, and IAM programs have been notoriously dominated by poor quality implementations from global solution providers.
In order to be successful, organizations have to be committed to a disciplined implementation methodology. A meticulous and persistent approach in pursuing simple designs that perform significantly better than overly customized bloatware. Leaders should remain undeterred in their vision to develop a solid, streamlined IAM foundation and insist on lean designs. If there’s one mindset that will really get in the way, it’s having a project mindset. If we want to go beyond just coping with the identity data mess then we have to get comfortable with the idea that Identity Management is not a project; it’s an ongoing strategic program.
Learn more about Identity Management Strategy Services.
To receive the top IAM and cybersecurity articles in your inbox every two weeks (Tuesdays 8 PM EST), subscribe to our Identity Management biweekly and/or our Healthcare Cybersecurity and IAM Digest.
Follow @Idenhaus on Twitter and subscribe to our YouTube channel.
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us
