Identity and Access Management (IDAM) solutions provide organisations with the ability to manage users’ identities and create logical access to an organisation’s applications. IDAM products identify, authenticate and authorise those users who utilise the organisations IT resources, as well as the hardware and applications employees need access to.
Investment in IDAM solutions is on the rise with the market forecast to grow to $18.3 billion by 2019. Regulatory compliance requirements are becoming increasingly complex and rigorous and with the introduction of GDPR, the need to demonstrate compliance is more prevalent than ever before.
Unfortunately for some, a commitment to IDAM doesn’t always guarantee an effective implementation, with those early adopters often falling foul of the common mistakes. With more ID implementations under our belt than we care to remember, here are a few pearls of wisdom we have collected along the way.
1. Who said IDAM was just a project?
Often IDAM is treated as a project from the very beginning, creating the impression that it has an end-date. This mentality can create all sorts of problems, with the solution doomed to fail without the necessary resources available to sustain it.
In terms of cyber security, it is important to see IDAM as a programme, ensuring current security systems and processes are continually and regularly updated with the relevant IDAM tools and practices that will help ensure the protection of the organisation.
For a successful implementation, companies need to change their mentality towards IDAM. It is an essential component of the business, changing and growing as the organisation does, and as such it should be intertwined with all enterprise strategies.
2. Educating end users
According to IBM, one of the fundamental reasons behind IT project failure is the inability to create the right mindset among users about change. By leaving the end user out of the loop, there is a risk that end users will not buy-in at the launch. By educating users from the very beginning about the implementation and why it matters, they should be able to see how IDAM will help them make their lives easier.
3. Automation expectations
Too often organisations have tried to push all IT applications and platforms under IDAM at once. The solution does promise to streamline processes that involve access management, as well as automating identity lifecycle management. However, this can complicate the design, making programme management incredibly difficult. Chunking up the process and staggering the move of applications to IDAM can prevent this from happening.
4. Customisation: The 80/20 rule
How can your IDAM solution be expected to run smoothly if its very foundations are flawed? Customisation is a popular feature, however too much can result in difficulties in maintenance and eventual abandonment of the solution. Pareto’s law applies here with his 80/20 divide. Only 20% of the IDAM solutions functionality should be made up of customised features, the rest should be out the box standards based functionality of the product. Beyond this, the infrastructure can quickly become unsupportable, resulting in a lack of longevity for the solution.
5. Failure to recognise the need for scalability
Overlooking the need to scale is a far too common mistake that befalls IAM project plans. It isn’t just growing IT size or emerging tech trends that need to be accommodated. The architecture must be able to scale over time in terms of response time performance as well as the administrative staff required to support it. An IDAM solution is not a one off, it is a growing and evolving entity and this must not be overlooked in the roadmap.
Being strategic when it comes to IDAM implementation can mitigate a lot of these mistakes. It’s all about aligning the solution with an organisation’s objectives and ensuring that the plan caters for the evolution of this alignment. Identity and access management programmes serve as business enablers for organisations, and with 79% of IT security professionals planning to, or already invested in IDAM, it is more important than ever before to make sure the implementation goes without a hitch.