The simple answer is no – IAM must be considered with the mindset of continuous improvement (unlike our golf swings which are just perfect now… right?)
Over the course of our last two blogs we’ve looked at the necessary steps that your organisation needs to take to plan and implement a successful Identity and Access Management programme. In the final blog in the series we’ll give you some guidance to help your IAM strategy to stand the test of time.
To help your business sustain the benefits of your existing efforts in your Identity and Access Management projects IAM needs to remain on your IT Governance and Strategy agenda. As well as this, remaining focused on your IAM programme can ensure awareness of new requirements or challenges that are being posed.
One way to ensure that IAM doesn’t fall off the radar once you have completed your initial priority projects is to identify useful KPIs and regularly report on them. This can make it easier to monitor and identify areas of improvement and more importantly, areas that are underperforming.
When generating your reports some important areas and topics to focus on are:
- The volume of user related support tickets, such as password resets or access requests
- The average time it takes to provision or de-provision a user
- The average time it takes to authorise a request
- The number of reconciliation exceptions (orphaned accounts, accounts with elevated permissions)
- Quarterly User Access Management audits for attestation
The threat of Shadow IT
When it comes to sustaining your IAM policies it’s important to ask yourself if you know what solutions and services, either internal or cloud-based, staff are using.
Ward’s team frequently works with businesses that have introduced their IAM programmes and insist that cloud services are not part of their strategy and not used in their organisation. However, it’s often the case that on closer inspection individual departments are found to have on boarded cloud solutions into their team, or are frequently utilising cloud applications to facilitate requirements that the business is not meeting.
A common example of this is the use of Dropbox to share information with external vendors or customers. If this goes unnoticed this sort of shadow IT can severely hamper the effectiveness of your organisation’s meticulously planned IAM strategy, and increase the likelihood of data breach or loss.
Having implemented your policies and procedures, it’s critical that you sustain the appropriate governance, to continually reaffirm and attest your compliance.
As your business, your industry and the way you work continue to evolve, so will your IAM challenges.
Organisations whose IAM challenges were previously limited to their wholly on premise landscape now need to consider how to address new challenges as they look to utilise cloud services. What’s more, growing organisations which traditionally had onsite workforces, now need to manage the concerns over a mobile workforce that needs to work from anywhere, anytime. Finally, continued changes in compliance and regulatory obligations introduce new requirements for businesses, for applying proper security controls, governance and attestation.
IAM oversight is essential
As we discussed in our previous blog on implementing your IAM program, the need for an IAM Steering Committee responsible for IAM oversight within your business is essential. This group needs to promote awareness of your IAM best practice approaches, processes and polices throughout your organisation, and ensure that IAM compatibility is on the agenda for all new ICT Projects, to sustain the efforts and improvements. According to Gartner, by 2018 50% of IAM programs will be responsible for both enterprise and consumer facing IAM infrastructure, up from 20% today.
We understand that businesses can find that they do not have the capacity or capability to fulfill these roles and responsibilities, including understanding of the evolving IAM landscape and what it means to their own business, management and support of IAM operations and monitoring and governance of their processes and standards.
Ward Solutions – an established IAM Partner
This is the value that an IAM Partner can bring to your business. In our capacity as an IAM Managed Service Provider Ward Solutions is focused on staying updated on best practices, industry trends and emerging tools and solutions, and can bring this expertise to your business in a guidance and advisory capacity. In addition to these services, Ward can take responsibility for the day to day support and maintenance of your IAM related environment and services.
To speak with the Ward team about managing your IAM services and challenges, visit https://www.ward.ie/about-us/contact-us/ or call +353 1 6420100.