Don’t set yourself up for failure from the start – make sure your business has the right roadmap, architecture and platform for successful IAM programme implementation.
In our last blog we outlined how the changing nature of work and policies such as Cloud adoption, BYOD, the newer risk and compliance landscape and the need for real business agility have led to Identity and Access Management becoming a key requirement for many organisations looking to increase control over the number and nature of users and devices accessing their services. We also looked at planning an IAM strategy right for your organisation’s specific needs. In this blog, the second in our three part series on IAM, we explore how best to implement an IAM programme in order to maximise success while minimising disruption.
By starting on the right foot and viewing IAM as a longer term program of work for continuous improvement, and understanding its relevance to business, security, operational and strategic requirements (identity lifecycle management, access management, information protection, mobile device management, governance & compliance obligations), businesses increase the likelihood of successfully achieving their IAM goals.
Appointing an established IAM Steering Committee that is responsible for awareness, governance and reporting of your businesses IAM requirements and priorities can be a very helpful way of ensuring a successful IAM programme. This group should ensure that IAM and ongoing projects remain on the radar of the Management, Operations and Strategic groups, to ensure the work being done within IAM is being taken into consideration throughout the business.
Some of the typical failures in implementing IAM projects which we see in business are stem from a lack of clear objectives and vision due to a failure to appreciate the breadth of the challenge. Successful IAM implementation requires a significant amount of planning and foresight. For more information on effectively planning an IAM implementation be sure to read the previous instalment in this blog series.
Other factors that can hamper successful IAM implementation are incomplete understanding of the business’s current IAM maturity level and a lack of consideration of where IAM fits within the overall IT strategy. Ideally, your IAM programme should fit seamlessly with your organisation’s IT strategy, augmenting your ability to defend against cyber-threats.
Finally, another thing that can lead to failure is the all-at-once approach, i.e. trying to resolve all goals in a single project. Successful IAM implementation is a process that takes a significant amount of time, and accepting this will ensure that you give each step the due consideration it deserves, ultimately leading to a more cohesive IAM programme.
To implement a successful IAM programme you need to have awareness of your current IAM landscape and capabilities. You also need to have identified the issues, challenges and requirements specific to your business. Following this it’s important to have developed a roadmap that aligns with your IT Strategy. Finally, it’s essential to identify and decide on the right architecture and platform that will help you deliver your roadmap.
All too often, businesses implementing IAM projects focus on individual concerns and requirements in a piece meal approach, tackling them one at a time in a tunnel vision mindset.
The downfall of this approach is the risk of ending up with an array of independent solutions, each focused on one specific concern, resulting in higher implementation costs to the business and requiring more effort for operations to manage and maintain. This piecemeal approach can potentially lead to a collection of point solutions that may fail to properly integrate and deliver a seamless service or over-arching business objectives.
Implementing your roadmap one step at a time is the right approach, but it needs to be done with an awareness of the larger, interconnected picture of the areas that Identity and Access Management now relates to, and the platforms and solutions within the market that can enable you to achieve your business goals. Your IAM strategy and architecture must be grounded in your short and medium term business objectives and needs to support your current ICT strategy. However, it’s also essential that it pays heed to the pace of change in ICT generally, evolving solution and service delivery models, and the rapidly changing risk and compliance landscape.
Your research should consider good industry sources such as Gartner Magic Quadrant, Forrester reports etc., looking for providers and solutions that feature strongly in multiple facets, such as Access Management, Enterprise Mobility, and Governance.
- Garter Magic Quadrant for Identity and Access Management
- Garter Magic Quadrant for Enterprise Mobility Management
What we see is providers such as Microsoft, OKTA, IBM repeatedly scoring highly across these IAM related Magic Quadrant reports, because they continue to invest in providing solutions and services that are inter-related across the array of IAM concerns. IAM is a medium to long term play so it’s important that your selected solution providers also have an equivalent long term vision, roadmap and viability.
When Ward’s IAM team engage with customers in their IAM implementations, we take these considerations into account, so that we can be sure to utilise the right platform that supports the delivery of as many of the businesses IAM requirements as possible. This is also the most cost-effective method of IAM implementation as it doesn’t introduce a myriad of infrastructure or applications into the environment which the business needs to maintain.
To speak with the Ward team about developing or implementing an IAM strategy visit https://www.ward.ie/about-us/contact-us/ or call +353 1 6420100.