|
An effective Identity and Access Management (IAM) solution is quickly becoming a must-have for enterprise organizations. The ability to quickly and reliably verify who is trying to access your systems, and what they are authorized to do, is both a business enabler and a core requirement for meeting regulatory demands.
IAM enables e-commerce Web sites to provide effective customer support and more targeted sales opportunities. It is fundamental to online banking, service delivery and for retail sites that suggest products customers may want to buy based on their past purchases. IAM also enables businesses to open up portions of their network to partners, customers and suppliers, making for a more effective exchange of information that can streamline supply chains. At the same time, IAM enables new employees, contractors and business partners to more quickly get access to the applications they need to be productive and for an organization to easily stay in sync with changes to employee access rights as their roles change.
Effective identity management also helps companies comply with various government regulations, such as HIPAA privacy laws that dictate only authorized personnel see certain medical records and Sarbanes Oxley requirements for how financial information is handled.
Navigating IAM Implementation Obstacles
Too often, however, IAM implementations fall short of expectations. Security in general, and IAM in particular, is a discipline that touches virtually every individual end user and user group in the organization, as well as some fundamental IT infrastructure and business processes. As Figure A shows, many different players have a hand in security responsibilities, from both inside and outside the organization.
Literally all users are affected by IAM, since all users of the corporate network have identities that must be managed and verified in some fashion. As such, IAM requires a thorough understanding of the existing business and security environment and a clear vision of what the desired end state looks like.
Given these challenges, it’s clear that IAM projects require considerable planning and project management expertise, with a project team representing various stakeholders within the company. Most notably, like virtually any large IT project, IAM requires strong sponsorship from senior company management, who must understand the business benefits the technology can bring. And everyone involved needs to understand that, to live up to their full potential, IAM solutions require regular care and feeding long after the initial go-live date, which means planning for follow-up optimizations is crucial (see sidebar: Avoiding the IAM Pitfalls).
IAM Implementation Best Practices
With years of experience we have seen time and again what works — and what doesn’t — when it comes to IAM implementations. For this paper, we have tapped the collective knowledge of these experts to come up with these five IAM implementation best practices: KNOW WHERE YOU’RE GOING IAM is not a one-size-fits-all endeavor. You need to understand your current business and security posture, the role IAM will play in your organization and the steps you will take to get there. Most importantly, you need to have a business perspective and tie the phases of your IAM project to quantifiable business results.
GET THE RIGHT PEOPLE INVOLVED A successful IAM deployment requires cooperation among application owners, business executives and IT personnel. But you’ll also need to involve marketing experts and your end users.
IMPLEMENT INCREMENTALLY Few organizations have an appetite for IT projects that go on for many months or even years before they show business value. Implementing IAM in phases can dramatically shorten the “time to value” of your project — the time before the business sees a distinct benefit — in the process giving you executive backing that will ensure the full funding of future phases.
EDUCATE, EDUCATE, EDUCATE No IT project will succeed without education of both end users and the IT staff that will be charged with ongoing administration and operation. And education is not a one-time endeavor; end users need refreshers as do IT personnel, to keep up with turnover and new product capabilities.
THE JOB IS NEVER DONE Getting full value from an IAM implementation requires that you pay regular attention to it. Like a car that needs routine maintenance, an IAM system needs maintenance to keep up with product updates, changes in the IT environment and optimizations that can continually increase the value of the solution to the organization.
|
