The implementation of an identity and access management strategy is not something you do overnight. The importance of it is not to be understated. If you’re not already convinced read our article top reasons to start with IAM.
An IAM strategy is not only necessary from a security point of view but also enables improved productivity, reduced user friction, cost reduction and easy auditing and reporting.
WHAT IS AN IDENTITY AND ACCESS MANAGEMENT STRATEGY?
An Identity and Access Management strategy has the following goals within an organization. It has to explain the needs and value of the IAM concepts and capabilities to both the technical management and to the business management. Furthermore, the strategy has to give a clear overview of the current state of the Identity and Access Management concepts within the company. It needs to be followed by the definition of the desired future state, which includes reviewing and determining requirements with all stakeholders. Last but not least, an IAM strategy should contain a achievable roadmap to define in which sequence the different aspects should be executed.
Of course, a complex strategy like this does not stand on itself. You need tools and resources to make it work. Check out the solutions and tools IS4U offers to create, implement and run an efficient IAM Strategy.
THE STAKEHOLDERS FOR A SUCCESSFUL IAM STRATEGY
Developing a well-defined strategy is crucial for the success of any IAM initiative. Developing such a strategy cannot be approached by a single department or business unit and requires multiple stakeholders as it takes a lot of time, different kinds of expertise, effort and support to develop.
A short overview of the possible stakeholders:
- CIO and CISO: Chief Information Officers and Chief Information Security Officers have important roles within Identity and Access Management solutions. CIOs and CISOs are crucial stakeholders in an IAM strategy, as they are key deciders on strategy and budgets.. A long term initiative like the implementation of an IAM Strategy is impossible without the proper funding and support.
- HR: It goes without saying that an IAM strategy is of a paramount importance for the HR Department. With a well-defined IAM implementation the on boarding and off boarding of employees decreases in complexity and reduces human error, resulting in time and money saved. Besides life cycle management, IAM solutions also provide a better employee experience and accurate user data.
- IT-managers: More often than not, IT-managers are responsible for the application platforms, the help desk and the infrastructure. Efficiency, centralization and cost-savings are therefore important factors. As IAM solutions can provide more efficiency, reduce administration, improve availability and reduce calls through self-service, these IT-managers are an important stakeholders when it comes to the development of an IAM strategy.
- Business Owners: Specific business, application or process owners have bespoke needs and should be included in an IAM strategy. It is the business owners that typically have more fine grained requirements concerning access controls than other stakeholders. These requirements however need to be aligned with the IAM strategy to determine the underlining identity models required for enabling role based, attribute based or relationship based access controls.