The Business Value of IAM

Posted on by forteadmin in Business

Hey again!

The inaugural Seattle IAM User Group got kicked off last night with great success, and I enjoyed presenting thoughts on the value of game theory (decision science) and professional development for careers and the IAM program, as well as the great conversations that ensued. More than once the “business value of IAM” came up, with conversations around how we could increase our chances of gaining executive buy-in to our strategies and plans. It just so happens that Forte Advisory fellow Jeff Kistler contributed a blog post on the same topic that I think will extend the conversation about the business value of IAM even further.

Enjoy the post, and as always, feel free to leave your comments below or reach out directly with your thoughts or suggestions.


@stevetout @forteadvisory


Organizations around the world are experiencing profound issues with their implementation of Identity and Access Management (IAM), and most are at a loss as to how they can reverse the perpetual problems and risk they are currently facing. Management of user permissions, roles, and authentication is a difficult job, to say the least. With the onset of SaaS and cloud computing, the speed at which organizations are able to expand their services and capabilities far outweighs their ability to properly secure and manage their infrastructure while maintaining functionality.

A 2014 Identity and Access Management Program Plan released by Harvard University [1] defines Identity and Access Management as “a set of business processes and supporting technologies that enable the creation, maintenance, and use of a digital Identity. As such, the impact of Identity and Access Management to Harvard’s user community, application portfolio, and information resources is extensive.”

I would argue that the term “extensive” is somewhat of an understatement. In fact, the mismanagement of IAM could actually be catastrophic to an organization and its proprietary intellectual data. Corporations today are all battling similar issues with their existing Identity management frameworks. Lost productivity, limited information sharing across applications, administrative overhead, and poor security implementation are just a few of the most common issues seen today.

CEOs may generally be far removed from the experiences a new employee might go through before they can begin contributing in a productive fashion, but trust me… they are certainly paying the price [2]. MIT Sloan conducted research on getting new hires up to speed quickly, which pulled statistics from the US Dept of Labor. What they found back in 2005 was interesting.

In today’s volatile economy, more than 25% of all workers in the United States have been with their company less than a year and more than 33% less than two years. Americans will, on average, change jobs 10 times between the ages of 18 and 37. And, of course, new employees are only part of the challenge — the constant state of internal restructuring in most organizations continually pushes managers to assimilate waves of employees suddenly transferred into new work roles and relationships. [3]

A survey of 610 CEOs conducted by Harvard Business School estimates that “typical mid-level managers require 6.2 months to reach their break-even point in productivity.” Breaking even marks the point where the money and resources invested in the new employee give way to that employee actually contributing back to the company. 6.2 months, even at a modest $20/hour and 40 hours/week, reaches a cost magnitude of almost $20k in wages alone. This can be multiplied exponentially by how many new hires a company might have or the wage rate at any given time.

So by now, you might be asking yourself: how does IAM apply to any of this? Consider that with such high turnover rates and the delay in ROI (Return on Investment) from new hires, there is considerable value in taking a closer look at how we might be able to increase productivity in a timelier manner.

As a CSO, believe it or not, you can help. First, let’s go back to what IAM entails. As stated before, one of the primary features of IAM is Identity Management, which by association is Access Management. Think about how long it takes for a new hire, new student, or new customer to gain access to the applications, file shares, and services required to be productive. For smaller companies the timeline may look like days or weeks, while for larger companies the process can take months. Think about the forms required for each individual application; think about the intricate matrix of access roles and restrictions involved, and the time we spend auditing and managing those roles. What about the various approval workflows for each one? And heaven forbid you get the access rights/permissions wrong.

IAM, if designed correctly, should be simple and intuitive to an end user. Realigning your workforce should be seamless. The break-even point in productivity should be days versus months.

Harvard’s IAM program plan referenced above went on to identify 5 tenets that lead to a successful IAM program:

  1. IAM impacts everyone and everything
  2. IAM simplifies the user experience
  3. IAM enables research and collaboration
  4. IAM protects resources
  5. IAM facilitates technology innovation


I believe every CEO in the world would agree, upon deeper consideration, that there is a great deal of ROI (the business value of IAM) to be had through proper IAM implementation. The key to implementing a secure yet flexible, scalable, and streamlined IAM system is to take time to research what options you have, where your productivity is restricted, and what solutions are available to you. The cost savings are worth the time and effort it takes to invest in consultation, do a little research, and develop an effective strategy that not only reduces time and cost to your organization, but also allows for scalability and expansion in the future.

  1. Source:
  2. Source:
  3. Source:


BIO: Jeff Kistler has worked 5 years as a DHS Intelligence analyst and has over a decade of experience in Information Assurance and System Security Implementation for the DoD. Today, he leads a team of Cyber Security professionals protecting complex systems for the DoD Naval Aviation Community.

