You’ve probably heard enough about the benefits that an Identity and Access Management (IAM) program can bring to you. Most of the benefits that vendors pitch to customers revolve around specific features of their products, and are generalizations at best.
For example, password reset is available as a feature, and the obvious benefit is reduced helpdesk costs. Plain and simple! There is, however, much more to the story.
When you go ahead with an IAM program, this is what you are really setting out to do:
Setting up an IAM solution forces one to optimize and define processes that carry no ambiguity, because automation cannot be achieved when there is ambiguity. Don’t count on the partner who is keen to migrate your existing processes into the IAM system without questioning the need or sense behind each process.
Example: Quite a few customers insist on having the employee’s manager approve the request first, and then send it to a secondary owner for a final approval. When questioned, the response often is, “We don’t trust our managers. They may approve just about anything that someone requests, so we need someone else to take a look at it.” The question we then pose is, “Why have the manager approve something when you don’t trust his judgement?” Or “Have the manager approve requests, but educate the users about the responsibility they carry when they approve something.” You get the idea.
Streamline data across systems
This is an opportunity to bring consistency to how data values are treated by applications across the organization.
Example: The location for a person may be “SFO” in one application, “California” in another, and “Calif.” in yet another application.
Traditionally, each application owner is used to operating in a silo, and comes up with a naming convention designed to suit the needs of the hour and the application. Standardizing the values across applications lets the organization take charge by bringing in the ability to centrally manage various aspects of user properties, rights, etc.
This change often sees the greatest amount of inertia, but is the one that truly lets organizations leverage their IAM investment. The solution isn’t to avoid standardization. The solution (and opportunity) is to strengthen change management.
Build a platform for future application development
Traditional application development models embed authentication and authorization into the core of the application itself. With an IAM program in place, you have the luxury and comfort of asking application developers to develop just the business logic in their application. All authentication and authorization related decisions can then be delegated to the IAM platform, resulting in:
a) Application developers focused on core business functionality
b) Having a secure and proven mechanism for authentication and authorization decisions
c) Achieving a complete view of who can do what in which application
In a nutshell, most IAM programs are about implementing a vision. It is an opportunity to question what has been done for years, to optimize, streamline and strengthen the way the organization functions, and to discard the legacy that has ceased to provide value.