Culture Eats IAM for Breakfast

Posted on by Steve Tout in Management

It’s been said that you can’t fix culture. Focus on the business and the rest will follow. (See April 2016 HBR cover story) Within every organization, the values and people that shape the culture will ultimately affect how IAM is directed and managed. They are often invisible powers, but if you look and listen closely, the “invisible hand” will present itself to you, and unlock a key to success in your IAM program.

Then @brennantom posed a great question to Shark, Robert Herjavec: “what’s better for investment, process driven results or disruptive technologies?” I immediately flipped the question to ask, what is better for business, process driven change or disruptive change?  With nearly every industry seeing its share of disruption, from healthcare to transportation, social media and hospitality, cloud and digital have turned old business models upside down and enabled new ones with digital transformation and cloud computing.

For IAM and cybersecurity leaders in established corporations, the rule of the day is often driven by linear growth and process driven results. Old school managers and leaders look at turning 5-10% ROI and calling it a day. But is that really winning? And will companies who stay on this straight and narrow path survive?

Considering your company’s assets from a potential hacker’s point of view, there is no hacker who is conservative in his outlook, who stops after a handful of attempts to steal sensitive data or gain access to intellectual property.  The insider threat is a growing concern as well, with SailPoint’s recent global survey suggesting that 20% of employees would sell their passwords to a 3rd party, more than 25 percent uploaded sensitive information to cloud apps with the specific intent to share data outside the company, and one in three employees purchased a SaaS app without IT’s knowledge, a 55-percent increase from last year.

IDC predicts that greater cloud spending will exceed $500B by 2020 – almost 3X what it is today. Somewhere in that spend there must be dedicated budget for advanced security and modern IAM capabilities to ensure the confidentiality, integrity and availability of customer data. The way I see things, the “safe” linear process-driven approach to change management has no chance of keeping up with the disruption that digital technologies and cyber threats pose to the business.

What’s a leader to do?

Too often, lip service is paid to innovation, but funds are not allocated in a way that addresses change holistically. For example:

The business wants to enable a superior customer experience end-to-end to drive increased conversions and renewals.

The CIO wants to support the company’s own R&D efforts at the expense of speed and efficiency of cyber and IAM.

Employees don’t want to have to remember hundreds of passwords and enter in their MFA token 6 or 12 times a day.

The CISO wants visibility into where sensitive data exists and ensure that detective and corrective controls address violations to policies.

Directors with big egos are replacing complex legacy WAM systems with equally complex and expensive solutions.

Who is deceiving who?

After 15+ years seeing how culture and politics affect the outcome of IAM initiatives, I cannot help but be slightly jaded. If you are the IAM or security architect trying to lead innovation and transformation within your company, struggling to convince stakeholders of a compelling justification and ROI, it doesn’t take long to look at the culture and see what is driving decisions. Whatever the culture, how much tolerance there is for disruption and allowance for innovation will ultimately determine the speed and ability of IAM to support business transformation. Make sure your professional and career goals are able to be met the company leaders and the values they hold. Your skills are in high demands, and you can always find a company who will appreciate and value your contributions.

Business and technology leaders: make sure that expectations of the business and employees match. One group wants to start a revolution; the other group wants business as usual. Check in on your own values and experiences. Good bosses and managers will create more wellness than wellness plans do. If there is a lot of friction going on, you are doing yourself and the business a disservice. Implement positive changes today!

Own your own success

own-your-successIn this country, employment is at will. That means, you are one bad day away from losing a rock star employee or losing your job. What has worked in the past is no longer working. While technology does a fine job of rapid innovation and change on its own, the rate of innovation and adoption inside of your company is a major pain point for customers and employees alike. The company culture and human factors – and their effects on the IAM program – cannot be understated.

You can begin the transformation of yourself and your career today, and doing will ensure you have the most positive impact on your job and those around you. Here are a few points to consider as you get started.

  1. Make yourself the CEO of your life and career – if you don’t manage yourself, someone will be more than happy to manage you. One brings pleasure, the other pain.
  2. Form new alliances – regardless how your boss sees the industry, innovation and disruption is happening all around. Be the first to embrace it, expand your knowledge and experiences, and either plan to solve the idiosyncratic challenges inside your company or go somewhere where you can solve them.
  3. Map the customer journey – identity is certainly at the center of it all, but if it fails to provide a superior customer experience, it won’t be long before the business begins to fail, and either gets acquired by a competitor or goes out of business. Companies of any size need to be intensely customer focused, and as a leader and architect of cybersecurity and IAM, you can play a central role in figuring it all out and enabling better end-to-end customer experiences.
  4. Lead with humble confidence – Employees are not slaves, and as the market heats up putting further demands on scarce cybersecurity and IAM talent, horrible bosses end up in a weak position. Karma has a good reputation of coming back and haunting bad managers; may you develop a human workplace with humble confidence.

If you feel like your job is a prison and are not energized by the projects you work on or the people you work with, it might be time for you to move on. In Steve Job’s words, “Remembering that I’ll be dead soon is the most important tool I’ve ever encountered to help me make the big choices in life.”  Life is too short to stay stuck in a dead end job or to work for horrible bosses.

Culture is a crucial dynamic to wrap your arms around and understand in order to know what challenges lie ahead in your current or next project. But that’s not all.  Join my webinar on May 5th, Improve CX, Productivity, Revenues and Security with Identity Coherence, to learn more about my blueprint for creating massive value and success in a multi-vendor, multi-cloud world.  Sponsored by Cloud Security Alliance.

You may also catch me at Cloud Identity Summit on June 9th where I’ll be presenting Career Development for IAM Professionals.

Founder & CEO of Forte Advisory, Steve Tout is an entrepreneur and domain expert in IAM strategy, architecture and operations. Steve was recently a Director at PwC in their advisory practice.  Prior to PwC, he was the head of IAM at VMware where he designed and managed customer and partner facing systems to support VMware’s explosive growth into a $6B company.

Follow @stevetout on Twitter

Subscribe to Forteadvisory group news