Roadmaps to Reality – Transition IAM Recommendations to Results
How do Companies Define Value in IAM?
As with nearly any realm of technology, there’s often a disconnect inside companies between the people who would operate an identity access management (IAM) solution and the people who would fund it. Within the executive suite, for example, it’s common for a CISO to feel that mature IAM capabilities are mandatory, while the CEO may see it as a nice-to-have. Unlike revenue generating functions, IAM’s value is indirect — it comes from saving companies time, manpower, and the expenses of breaches, data loss, and other threats.
In order for IAM solutions to be effective in improving security and efficiency, companies have to appreciate their value. Though organizations may be familiar with the fear, uncertainty, and doubt (FUD) often associated with security risks, they may not be aware of IAM’s potential to increase productivity and collaboration, while reducing complexity and operating costs. A comprehensive IAM strategy and roadmap can help companies understand the scope, vulnerabilities, tooling options, and best practices for their current and future environments, and then decide how to allocate funds and internal resources towards their business’ highest priorities. Here are some of the other ways companies find value in their investment of an IAM strategy and roadmap.
Understanding Needs, Spending Wisely
Many companies considering an investment in IAM are less familiar with it as a business requirement than they might be with, say, customer relationship management (CRM) systems or even other cybersecurity solutions such as anti-virus and mobile device management. Because of business impact and policy and process considerations, identity success requires industry context and more often than not, companies don’t know what they need to know about IAM optimization. This lack of knowledge can result in costly purchasing mistakes — software that’s implemented incorrectly, never gets used, or fails to fix a critical issue — or implementations that fail due to ineffective process and support changes.
With a tailored IAM roadmap and a defined program, companies gain an understanding of the most efficient way to invest in IAM solutions. Experienced IAM experts can help companies understand where to spend their dollars and how to save them. For example, these experts assess each company’s unique needs and provide guidance about which products are necessary — and which are not. These experts can help companies avoid the “tourist traps”— like add-on modules most customers will never use — while recommending solutions most customers had never considered. They also act as advocates, negotiating with vendors to find customers the best deals on products, services, and licensing. In addition, these experts can help determine the optimal order for deployment to increase value and avoid technical traps of complicated deployments. Developing a strategy based on a thorough understanding of their environment means companies can make a more efficient, valuable investment.
Developing a Strategy That Works for the Business
Most executives have a strategy that guides their decision making. A strategic framework helps companies set a vision for improvement, meet their goals, and avoid getting stuck in the tactical day-to-day. But when it comes to IAM, companies often lack the bandwidth or contextual expertise to develop a strategy. Taking an incremental, reactive approach — implementing “tools for problems” — is neither sustainable nor efficient.
A multi-phase IAM strategy guides companies toward making the right investment, in the right places, and at the right time. This means purchasing recommendations customized to what the customer needs (and doesn’t); prioritizing actions that will have the most meaningful impact on the company; and taking a staged approach to implementation, so companies can find efficiencies and build effective user life cycle management capabilities. A good IAM strategy provides solutions to existing problems, but it also puts companies on a proactive path to improve over the longer term.
Benefiting from Proven Expertise and Perspective
When companies seek outside expert assistance, it’s often because they’re overwhelmed and don’t know where to start. Their motivation may come from one person in the organization, or from a particular challenge: an audit finding, weak data protections, or tech support reps becoming swamped in manual processes. Many companies know they should do something, but they don’t know what that should be. For IAM professionals who are struggling to stay above water with their day-to-day responsibilities — much less stay informed about the latest trends, technology, and guidance — reading vendor datasheets and analyst white papers can feel like drinking from a firehose.
IAM experts bring a wealth of experience, having worked with customers of all different sizes across a broad range of industries, regulations and business initiatives. They’re skilled in discovering a company’s needs, developing a customized strategy and roadmap, providing tooling recommendations, sharing best practices around process and staffing, implementing complex IAM systems, and educating stakeholders across the company. This is bandwidth and expertise most companies don’t have in-house.
Making the Most of the Results
A documented IAM strategy and roadmap is important for all companies, and for some companies, it would end there. But the discovery process serves to socialize IAM across the company: it educates staff and stimulates stakeholder support, and these are valuable assets that make future IAM program more successful. If companies don’t keep this momentum going, it will die. So it’s critical to have a set of prioritized action items and milestones in the roadmap that spell out what to do next, and who needs to be involved and how much it will cost. Effective strategies and roadmaps will always organize an action plan according to priorities and timelines that work for the company. Most action plans will include:
- Assigning ownership of next steps
- Initiating conversations with vendors and the POC purchasing process
- Pulling together request for proposals (RFPs) and proofs of concept
- Recommendations for building out an IAM team (including hires, roles, and training)
- Templates and best practices for codifying and implementing policies and process
- Guidance for the order in which systems are implemented
- Guidance for working with other departments (Compliance, Legal, HR)
- Specific guidance on unique IAM challenges discovered during the Advisory project
- Establishing market sensitive budgets and realistic delivery timelines
Adapting to Changing Requirements
In every organization, there will be an infinite number of needs and a finite amount of money. IAM experts are tasked with educating company executives so they can effectively prioritize one need over another, and companies need to be able to respond by shifting priorities as the business environment changes.
Regulatory requirements force companies, especially those in highly regulated industries like finance and healthcare, to prioritize funds in ways that protect their customers. But requirements also protect companies, by motivating them to invest in fundamental IAM infrastructure. These investments level the playing field among companies within the same industry because they ensure that competitors are spending money in the same way.
Smart companies try to anticipate what’s around the corner and stay on top of changing requirements. Behavior analytics, machine learning, artificial intelligence, robotic processes and consumer identity and privacy all play a role in the future of enterprise identity maturity. With GDPR passed in Europe, for example, many companies already are preparing for it to pass in the U.S. Forward-thinking executives stay up-to-date on new developments and want to be prepared, because they know that spending one million today is better than spending twenty million on a fire drill later.
Outside expertise can help customers adapt their roadmap and strategy to most efficiently accommodate changing priorities, and enable them to anticipate what’s coming next so they can be ready to see around corners.