KuppingerCole Report
By Martin Kuppinger, Andre Priebe

Engineering Successful IAM Projects to Support Digital Business

Success in IAM projects is not a given. It requires careful planning, change management, expectation management, and many more - including sufficient budgets. This whitepaper gives recommendations from the practical experience of both KuppingerCole Analysts and iC Consult on how to make IAM projects a success.
By Andre Priebe

Commissioned by iC Consult

1 Introduction / Executive Summary

IAM projects have some reputations for stalling. Many projects started big and delivered under expectations. There are reasons for that, starting with the complexity of IAM (Identity & Access Management) being cross-divisional. It is about interfacing with IT security, with HR, with IT Infrastructure, with the SAP or Business Applications department, but also with all the other owners of applications throughout the whole organization.

Moreover, IAM affects everyone in an organization. Be it the daily (or more frequent) authentication exercise, be it waiting for approvals of access request, be it the manager's job of reviewing and recertifying access entitlements: All these tasks involve not just the IAM organization, but everyone.

Not only that, but IAM has long extended beyond "workforce IAM" into a discipline that needs to care for the identities of business partners, customers, and consumers, but also non-human identities such as services, software robots, devices, or things. Connecting everything and everyone and providing seamless, yet secure access to every service, regardless of where that service runs, is what IAM is about. IAM is a foundation for successful, well-secured digital business.

Making IAM a success with all the requirements that IAM must serve requires a strong IAM organization, and it requires a plan that is well-executed. It also requires sufficient funding. Experiences from many years of running, guiding, and reviewing IAM projects are compiled into a set of ten recommendations in this whitepaper.

2 Highlights

  • Requirements definition must consider trends and foreseeable future requirements, not just the current need

  • Stakeholders must be known, expe ...

Login Get full Access

3 Understand your requirements - of today and for the future

Requirement analysis is the foundation for success. It must not be limited to the known requirements of the past, but look at the future and incorpora ...

Login Get full Access

4 Stakeholder and expectation management - don't overpromise

IAM is a cross-divisional project. The list of stakeholders might be longer than expected. Understand whom to involve, and manage expectations by defi ...

Login Get full Access

5 Get a broad buy-in of everyone, based on realistic expectations

Talk with the stakeholders and understand their ideas and their concerns. This helps you delivering on the jointly agreed or at least accepted expecta ...

Login Get full Access

6 Create a modern, powerful IAM organization for all of IAM

IAM projects are part of an IAM program, and they need to transition into a defined manner into the IAM line organization. This requires having a powe ...

Login Get full Access

7 Build your own skills and learn from the experts

You will need external support to succeed in your IAM journey, and you most likely will need external support for running your IAM. However, don't mak ...

Login Get full Access

8 Don't start with the tool, but with the vision

The biggest risk in IAM projects is to start with the tool, without having a comprehensive list of requirements in place, and without having a plan fo ...

Login Get full Access

9 Prepare for change

IAM is about change management, always. Technology changes, required skills change, the way people work changes. Change management is key to success, ...

Login Get full Access

10 Set focus for IAM

Set your focus on IAM and don't try to solve all the challenges in your organization. Far too frequent, IAM must fix challenges such as weak quality o ...

Login Get full Access

11 Plan for a future-proof IAM, not the IAM of the past

There is constant evolution in IAM. IAM projects commonly run long. Together, it means that you must plan ahead to be modern when your project is done ...

Login Get full Access

12 Be pragmatic - define a program with small projects

Pragmatism is another success factor. Don't overengineer, but have a plan and understand which of the small steps you are making are heading in the ri ...

Login Get full Access

13 Recommendations

The previous chapters already included a series of recommendations. One more must be added. For the management, it is to give IAM a sufficient budget. ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.