Monday, January 5, 2009

IDENTITIES ARE PEOPLE TOO

There’s a people side of the equation that’s all too often overlooked when companies implement a new IT solution and expect it to be embraced. The people impacted may not want to use it because they don’t know how or they don’t fully understand the value. Sound familiar?

I have spent the past two years working in the Identity and Access Management (IAM) space – more specifically the user Administration and Auditing aspects of IAM. These areas of IAM allow for the requesting, approval, granting or provisioning, and verification of system access for an identity. When you consider that these aspects of IAM are the most visible to the organization and have a direct impact on the ability to carry out day-to-day responsibilities, it seems that any improvements to these processes and technologies would be embraced. However, this isn’t always the case.

How many business folks really understand IAM and how these concepts impact them? IAM can be very ambiguous to those on the business side, and therefore just not that easily embraced.

Identity and Access Management projects are most often driven by technology departments. Business sponsorship may be weak or completely non-existent. Business drivers aren’t always well communicated. The actual "people" impacted by IAM initiatives are often forgotten as the concepts and terminology of IAM are more technology focused. The constant reference to “identities” instead of “people” can further de-humanize the IAM effort.

The outcome of an IAM project should be viewed as a win-win for both the IT and business sides of an organization. Information Security has a centralized point for maintaining the "keys to the kingdom" and the business users are provided with a slick web interface and processes for requesting system access, as well as ensuring access remains current.

But when and how should the "win-wins" be communicated? And, am I accurate in suggesting that this communication will make or break the success of an IAM implementation?

To support an article on this topic I am writing for industry publications, I'd like to solicit your comments and help me to find answers to these questions:

1. What role does the IT organization play in breaking down the techie speak and ambiguity associated with IAM?
2. How can IT help sell the value of IAM to the business users?
3. How can business engagement be secured and maintained throughout an IAM effort?

The goal of my research is to define best practices for overcoming these implementation issues, helping to make IAM initiatives successfully deployed across the enterprise.

Looking forward to hearing your thoughts!

3 comments:

Anonymous said...

Can anyone recommend the robust RMM utility for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote windows login
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!

Anonymous said...

"Hey - nice webpage. Just checking out some blogs, appears a pretty awesome system you're using. I am presently employing Wordpress for a couple of my weblogs but I'm not pleased with it so significantly. I'm looking to alter a single of them more than to a system similar to yours (BlogEngine) being a trial operate. Something in specific you would recommend about it?"

--------------------------------------------
湾区留学生
Also welcome you!

Anonymous said...

If you are open to having a guest blog poster please reply and let me know. I will provide you with unique content for your blog, thanks.