Identity & Access Management is a perfect example of what happens when IT departments approach a basic problem with a too narrow focus. In the end, they wind up having to broaden both their scope and their financial commitment. And often, they find themselves operating multiple parallel solutions that are hard or impossible to integrate.
IAM is all about administering identities and access permissions, so you need to know who is who and what he or she is allowed to do. But in fact it is really about protecting vital information that is being stored on systems within or outside the company.
This in turn means that not only your own employees, but also external people (business partners, customers, potential leads) need to be able to access your information. Ideally, an IAM solution will be able to handle these different types of internal and external users in a unified fashion.
To understand this, just look at a real-life example. Let’s say a bank client is also an employee of that bank. Or take an insurance company: An employee could also sell insurance policies on the side, and also be a policy holder. Or what about car manufacturers? Their employees own cars, don’t they - possibly even cars they themselves helped to assemble.
We could go on, but one thing rapidly becomes clear: An individual can have multiple dealings with your enterprise depending on which role he or she happens to be playing at a given in time. In each role, he or she will need specific access rights to your system, and this obviously calls for some very sophisticated Rights Management.
In reality, individual employees are usually registered in multiple systems which are different from those that handle access requests from external users such as field personnel, clients, and suppliers, just to name a few. Of course these people need to have access from wherever they happen to be located right now.
Unfortunately, we often still hear IT professionals saying things like: „Our first concern are our own people!“ And while it is perfectly okay to take this position in the beginning of an implementation, you won’t get very far if you stick to such navel-gazing. Sooner or later you will run up against compliance issues that transcend simply watching your workforce. Instead, it will be necessary to define a strategy that will cover all types of users and access methods.
By restricting your thinking from day one of a project, you are actually building roadblocks into your systems. You need to think ahead and design individual solutions that are expandable and flexible – the „think big, start small“ stuff mentioned above. Starting small means you will be able to reduce the complexity of a project. However, small projects need to be seen from a detached prospective, namely as a part of the overall “Big Picture”.
Of course this goes not only for IAM, but for IT in general. Many projects currently being run by IT departments are the result of relying in the past on point solutions that now require integration. The trick here is to keep your eye on the Big Picture and choosing the right steps to get there. This means giving yourself enough elbow room to proceed flexibly, but it also means addressing the actual needs of business and making sure that the technology chosen is the right one for the job.
Created: 29.08.11, modified: 06.10.11