Wrapping up a week spent talking with customers and partners and conversations that keep popping up are not surprising. In spite of IAM enjoying increased attention from the business and security community, there is a predominate focus on the technology vendors, cloud, and security with little mention of how they actually get implemented. One sentiment I encountered this week from a global consulting services provider – where budget is seemingly endless and far from a constraining factor – is that IAM deployed into customer environments pretty much on demand. The revenues realized from IAM implementations by the consulting provider were nothing more than a “rounding error” to the overall revenues. This sentiment is not shared alone as IAM is often overshadowed by the larger security program from an operational and budget perspective. In typical fashion, it leads me to ask the question: how strategic is IAM to your business?
Philosophy Determines Outcomes
For those organizations whose driving values and beliefs are that “IAM is nothing more than SSO” or that “it’s a rounding error” will continue to be in the same position as they always have been in. For those organizations who believe that a successful IAM program happens when you implement a Ping or an Okta solution are focused on the wrong set of problems. Leaders who believe that their IAM solution is used for providing SSO to applications are not well enough informed about the issues. It doesn’t take very many conversations with IT leaders to see the effects when IAM and security are an afterthought.
One of my favorite mentors, Jim Rohn, has said “Philosophy is the major determining factor of how your life works out.” The same is true in organizational life as well. You might think that it’s about choosing the best vendor or the best technology. But let’s be honest with ourselves. It’s not about technology. Your philosophy, how you think about IAM, determines the ultimate success the organization will realize from its investments.
[tweetthis]How you think about #IAM determines the ultimate success the organization will realize from its investments.[/tweetthis]
How Strategic is your IAM?
As leaders within your organization, we need to train managers to stop throwing technology at every problem. As an organization, there are many stakeholders who ought to be better educated on the impact that IAM has on the customer, revenues and the business. Consider these questions:
- Have you thought through the impact that ineffective or broken IAM has on conversions, renewals and retention?
- Do you have any sense for how ineffective or broken IAM has on CSAT and customer experience?
- Have you attempted to quantify the impact that ineffective or broken IAM has on employee productivity?
- What is the real cost burden to audit your IAM systems for compliance and risk management on an annualized basis?
- Does your cloud service provider or CASB provide visibility into when there is a violation to a policy and a systematic way to dynamically enforce policies on users and resources based on a user’s risk score?
While I certainly have ideas and preferences about which technologies ought to be used for a reference architecture, a lot of times interventions are required in the way IAM is integrated and managed that make the difference between highly leveraged IAM infrastructure and “just a rounding error” on your OpEx P&L.
[tweetthis]Changes in your philosophy are of far greater importance than which vendor or partner is providing your #IAM services.[/tweetthis]
So how strategic is your IAM program? I argue that changes in your philosophy are of far greater importance than which vendor or partner is providing your IAM services. Even as the IAM market is set to double from 2014 to 2019 (note) it is critical to look at IAM as a program, not another IT project and to explore how IAM will enable better customer experience and drive top line revenue growth!
To explore this topic more in depth, please download our whitepaper Managing IAM in Uncertain Times: A 5-Step Approach to Managing Identity & Access Management.