Commissioned by iC Consult
1 Introduction / Executive Summary
IAM projects have some reputations for stalling. Many projects started big and delivered under expectations. There are reasons for that, starting with the complexity of IAM (Identity & Access Management) being cross-divisional. It is about interfacing with IT security, with HR, with IT Infrastructure, with the SAP or Business Applications department, but also with all the other owners of applications throughout the whole organization.
Moreover, IAM affects everyone in an organization. Be it the daily (or more frequent) authentication exercise, be it waiting for approvals of access request, be it the manager's job of reviewing and recertifying access entitlements: All these tasks involve not just the IAM organization, but everyone.
Not only that, but IAM has long extended beyond "workforce IAM" into a discipline that needs to care for the identities of business partners, customers, and consumers, but also non-human identities such as services, software robots, devices, or things. Connecting everything and everyone and providing seamless, yet secure access to every service, regardless of where that service runs, is what IAM is about. IAM is a foundation for successful, well-secured digital business.
Making IAM a success with all the requirements that IAM must serve requires a strong IAM organization, and it requires a plan that is well-executed. It also requires sufficient funding. Experiences from many years of running, guiding, and reviewing IAM projects are compiled into a set of ten recommendations in this whitepaper.
Requirements definition must consider trends and foreseeable future requirements, not just the current need
Stakeholders must be known, expe ...
3 Understand your requirements - of today and for the future
Requirement analysis is the foundation for success. It must not be limited to the known requirements of the past, but look at the future and incorpora ...Login Get full Access
4 Stakeholder and expectation management - don't overpromise
IAM is a cross-divisional project. The list of stakeholders might be longer than expected. Understand whom to involve, and manage expectations by defi ...Login Get full Access
5 Get a broad buy-in of everyone, based on realistic expectations
Talk with the stakeholders and understand their ideas and their concerns. This helps you delivering on the jointly agreed or at least accepted expecta ...Login Get full Access
6 Create a modern, powerful IAM organization for all of IAM
IAM projects are part of an IAM program, and they need to transition into a defined manner into the IAM line organization. This requires having a powe ...Login Get full Access
7 Build your own skills and learn from the experts
You will need external support to succeed in your IAM journey, and you most likely will need external support for running your IAM. However, don't mak ...Login Get full Access
8 Don't start with the tool, but with the vision
The biggest risk in IAM projects is to start with the tool, without having a comprehensive list of requirements in place, and without having a plan fo ...Login Get full Access
9 Prepare for change
IAM is about change management, always. Technology changes, required skills change, the way people work changes. Change management is key to success, ...Login Get full Access
10 Set focus for IAM
Set your focus on IAM and don't try to solve all the challenges in your organization. Far too frequent, IAM must fix challenges such as weak quality o ...Login Get full Access
11 Plan for a future-proof IAM, not the IAM of the past
There is constant evolution in IAM. IAM projects commonly run long. Together, it means that you must plan ahead to be modern when your project is done ...Login Get full Access
12 Be pragmatic - define a program with small projects
Pragmatism is another success factor. Don't overengineer, but have a plan and understand which of the small steps you are making are heading in the ri ...Login Get full Access
The previous chapters already included a series of recommendations. One more must be added. For the management, it is to give IAM a sufficient budget. ...Login Get full Access