Points of View - Inner
Seven Insights: How to Implement an Identity and Access Management Solution
Risks of unauthorized access or compliance deficiencies drive an urgency to implement an Identity and Access Management (IAM) solution. However, IAM programs can hold a number of unique challenges that lead to serious gaps or delays if rushed or overlooked. Below are seven insights to help you launch a well-equipped implementation program that is set up for success.
SET EXPECTATIONS EARLY ON FOR ALL INVOLVED GROUPS
In a large enterprise, IAM implementations may involve many layers of operations, governance, controls, production support, information security, service providers, labor or factory partners, and sometimes across multiple geographies. Bringing these groups to the table early allows them to fully understand and commit to the scope of their participation.
LAY THE GROUNDWORK
Beyond a technical solution, IAM requires a significant effort to establish the operational and governance landscape, standardize processes and finalize prioritization decisions. Prior to the technical analysis and architecture review, a foundational phase is recommended to accomplish this prerequisite work – laying the groundwork to effectively build the technical solution.
IDENTIFY AND PLAN FOR EVERY USER TYPE
Overlooked user types may result in critical gaps for operations. The provisioning, de-provisioning and review processes for full-time employees, contractors and temporary workers each present unique challenges for IAM. One of the most challenging user types may appear in the form of external partners requiring access to an enterprise system which may require extensive process and/or contractual changes. But all models should be fully mapped to verify a solution can accommodate all user types.
ESTABLISH AN EXHAUSTIVE INVENTORY OF ALL SYSTEMS
Overlooking system relationships can lead to user frustration and operational disruption. The existing process for enabling user access may involve more than just the target system. It may provide unexpected or locally isolated input for peripheral systems like labor management, time tracking, local operations solutions, equipment checkout, or partner data and processes.
EVALUATE ALL COMPLIANCE POLICIES AND CONTROLS
A new IAM system is beyond just a change in process, it requires updates to compliance policies and controls. Some policies require a simple refresh – such as approval delegation and segregation of duties. While other policies may substantially improve with a more capable IAM solution. For example, automation may enable more frequent access reviews or faster service level agreements.
IAM allows for almost no margin of error because of the high enterprise risk surrounding access security and the operational downtime risk in the event of provisioning errors or delays. As a result, the testing phase is especially critical. Plan for extra testing time and hold a broad stakeholder review of the testing plan to ensure the scenarios are entirely exhaustive.
ALIGN THE METHODOLOGY TO THE PROGRAM
Given the nature of IAM and its low risk tolerance, an IAM implementation can be difficult to reconcile with Agile concepts like Minimum Viable Product and continuous delivery. To adhere to Agile core principles, a gradual geography/location roadmap, incremental policy implementation, extended testing, and dark launches should all be considered. Ultimately, the methodology must work for the program, rather than the program being forced into a strict methodology.
About the Author
David Hazen is a Manager with Kenny & Company. He has experience across multiple industries and functional areas and holds a BS in Global Economics and International Business from Cedarville University. He has expertise in technology program management, project and program recovery, logistics, and supply chain management. He is a SAFe Program Consultant (SPC4), Certified ScrumMaster (CSM), and Licensed Customs Broker (LCB).
About Kenny & Company
Kenny & Company is a management consulting firm offering Strategy, Operations and Technology services to our clients.
We exist because we love to do the work. After management consulting for 20+ years at some of the largest consulting companies globally, our partners realized that when it comes to consulting, bigger doesn’t always mean better. Instead, we’ve created a place where our ideas and opinions are grounded in experience, analysis and facts, leading to real problem solving and real solutions – a truly collaborative experience with our clients making their business our business.
We focus on getting the work done and prefer to let our work speak for itself. When we do speak, we don’t talk about ourselves, but rather about what we do for our clients. We’re proud of the strong character our entire team brings, the high intensity in which we thrive, and above all, doing great work.
This article was first published at michaelskenny.com on October 22, 2019. The views and opinions expressed in this article are provided by Kenny & Company to provide general business information on a particular topic and do not constitute professional advice with respect to your business.
Seven Insights: What You Need to Know to Implement an Identity and Access Management Solution by David Hazen at Kenny & Company is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License .