By Stephen Mowll, Director, Product Management Lead at RSA
It’s no secret that effective identity strategies are based on business goals. But how can you improve the chances that your strategy will succeed?
Of course you want your identity and access management strategy to help your business be more agile and efficient. But for that strategy to be effective, you have to direct it toward a specific desired outcome. Let’s look at what that means exactly, using Active Directory (AD) projects as an example.
Success Is Relative
Consider this scenario: If, after a year-long effort, your strategy has taken you to the goal of full Active Directory (AD) automation with your identity and access management program, have you been successful? It depends. One organization I know saved three man-years with AD automation, while another saved only one. But in the first case, AD requests constituted only 4% of all access requests; in the second, they represented 75% of all requests.
When you look at the larger business context surrounding the achievement, it’s obvious the second organisation made a bigger impact on business agility and efficiency, even though it saved fewer man-years. The point is, it’s easy to fixate on the fact that you’ve completed a task, but lose sight of what you gained (or didn’t gain) by doing so. For this reason, it’s important to be clear about how you’ll define success and to have metrics in place to demonstrate you’ve reached the desired outcome.
Perspective Is Everything
Staying with the example of an AD project, it makes sense to try to shorten design-and-build cycles by leveraging previous work, including collective wisdom and existing data sources. But consider the pitfalls. There may be internal network access restrictions, limited access controls and groups, and so on. To overcome these, take a step back to look at the design from the perspective of the consumer (user of the service), customer (the ones that pay for it), or regulator (the actual standard that dictates the project’s requirements).
This shift in perspective can help determine an appropriate strategy. Here are a few basic rules to help maximise your project’s business value:
- Live inside the box. Always exploit any native capability available to you, whether it’s the AD environment or software. Why invest in creating or changing something you don’t have to?
- Minimize complexity. Not everything must be automated. Many organizations have at least a few manual processes that are effective. Again, why change something you don’t have to?
- Know what you need. Overly complex and costly compliance projects, for example, are sometimes caused by trying to satisfy framework controls that may not even be required.
- Remove the “cool” factor. Just because you can do something that’s fun to geek out on doesn’t mean you should. Making a project easy for users is cool in its own right; keep it simple.
Stephen Mowll will join us at #SDI18 in March to discuss ‘The Secrets of Identity Success’, to find out more info or to book, click here.