Of Tactics and Strategies

June 6th, 2007 by Corbin H. Links

Hello Readers!

Today’s topic explores risk, response, and planning considerations. Within the Identity Access Management realm, organizations often take tactical responses to new business challenges. Common reasons include compliance, cost avoidance, cost reduction, audit demerits, partner/supplier pressure, and incident response. When taken individually, these reasons may necessitate tactical responses to strategic business issues. For instance, a new regulation imposed in one country of operation may necessitate rapid application changes to support data privacy/isolation, or a custom encryption method for transporting data in the base country of operation. Consider the following “What if” scenarios from an organizational perspective. How would your organization respond? Would the tendency be toward a reflex action, or a strategic, board-level change of direction?

What if…

  • A key laptop was stolen from an HR Director, Senior Systems Administrator, or Broker?
  • The EU poses a new regulation that affects storage and communication of user data?
  • The SEC poses a new regulation that affects transaction tracking?
  • The organization has hundreds or thousands of disparate servers, platforms, and applications that are managed individually, including user accounts?
  • An outside auditor penalizes a company for improper transaction record retention?
  • An outside auditor penalizes a company for inadequate separation of duties?
  • One or more authentication / authorization systems become unavailable?
  • Senior-level members of an organization are tired of remembering so many passwords?
  • An organization had to spend hundreds of thousands of person-hours extracting, collating, formatting, and delivering audit and transaction reports?
  • Your helpdesk spends 70% of its collective day managing passwords, group membership information, and general user profile data?

The list could go on, but the very real client scenarios above (and many, many others) have driven three kinds of response: tactical (i.e. “let’s run out and buy something that will fix the problem”); strategic (i.e. “let’s consider the problem, how it affects the organization, what the root causal factors are, and how we can best leverage our existing people, assets, and partnerships to ensure that the problem is not only addressed, but that the organization is equipped to deal with future problems”, aka “future proofing”); or hybrid (i.e. “let’s address this one problem quickly, while ensuring that the temporary measure aligns closely with the longer-term strategic direction”).

There is no “one size fits all” answer to the aforementioned scenarios. Organizations are unique, even within well-defined industry verticals, each having its own culture, business, and political considerations. As it is said at Delphi: know thyself. The same holds true for organizations considering Identity Access Management Programs, ERP Solutions, Portfolio Management, or other Strategic IT Initiatives. It is crucial that organizations invest in their own cultural understanding, and ascertain how to effectively and holistically respond to real-world “what if” scenarios. From the Links Business Group, LLC perspective, the optimum state is the tactical-strategic hybrid approach. Before listing the benefits, it is important to mention that a successful hybrid approach requires a strategic foundation (people, policy, process) to be properly created, documented, and communicated to internal and external stakeholders.

Key benefits of the hybrid approach:

  • Reduced time to market
  • Process and development re-use
  • Ease of integration with both legacy and future-state applications
  • Future-proofing
  • Reduced maintenance

Two examples of hybrid approach Identity and Access Management Solutions:

  • Use of Virtual Directory technologies to collate, centralize, re-design, and re-purpose existing repositories of Identity. A tactical organization would build a Virtual Directory and just leave it there. The agile hybrid organization would take the opportunity to build a flexible, standards-compliant directory service that is modeled and deployed in the Virtual Directory while building a new centralized directory that will serve as the enterprise “book of record.”
  • Use of provisioning technologies to centralize the management and reporting function. When properly implemented, enterprise provisioning tools provide a scalable way to gain administrative control over large numbers of disparate resources, within a relatively short period of time. The tactical organization would just deploy some basic provisioning and forget it. The hybrid organization leverages the data for reporting, audit baselining, and workflow automation, while working behind the scenes to centralize applications into an enterprise LDAP directory service. The strategic direction for such an organization would be to push all applications and platforms to “externalize” (i.e. use a means outside themselves) authentication and authorization functions. As applications gradually externalize, the number of “target” systems, or systems that must be uniquely maintained for Identity Provisioning, is reduced.

In summary, always strive to keep your organization forward-thinking when considering new purchases, programs, projects, or custom development. Apply the same litmus test to vendors as you would apply to any internal build/buy decisions. Ensure that vendors and products always conform to your strategic direction, or are at least willing to change as needed to meet your requirements. Ensure that new products under consideration will not introduce significant management overhead, cost, or support requirements solely to address a short-term tactical need. Application infrastructures that require significant support infrastructure must be capable of delivering real and measurable ROI to the organization, while addressing key strategic initiatives.

Need help sorting things out? Looking for a second opinion? Links Business Group, LLC can help. Call us today at +1 877 769 8938 or send email to request a complimentary initial consultation. Thanks for reading our blog, and we look forward to working with you in the future.

Until next time, all the best of Identity Management Success.

Corbin H. Links, President
Links Business Group, LLC
