As we said at the start of this KC Navigator series on IAM, it has never been more important for organizations to have absolute control over who and what can access business critical data and systems, but the growing statistics of cyber-attacks, means that many organizations are failing to do this as well as they could.

Due to the fact that a high proportion of cyber-attacks exploit stolen credentials and the growing regulatory requirements to limit access to sensitive information to an absolute minimum and provide audit logs of all user activity, there is an undeniable need for all sizes of organizations in all industry sectors to have effective IAM controls, especially as traditional network perimeters disappear and enterprise infrastructure becomes increasingly complex, heterogeneous and hybrid.

At the same time, IAM is moving beyond IT security and privacy compliance to become a valuable enabler that drives business performance, digital transformation, and competitive advantage. It is therefore extremely important for enterprises to have the capability to manage identities effectively in a rapidly changing business, regulatory and IT environment to ensure they remain competitive, compliant, and secure.

As a result, many organizations are reviewing their IAM capability and planning new IAM projects. However, business cases for new IAM projects may be difficult to make because of past project failures and the resultant reluctance of the business to invest further.

It is therefore important for organizations embarking on new IAM project to be aware of the biggest risks and pitfalls as well as the best practice approaches for avoiding or mitigating these risks to ensure that IAM projects do not stall or fail. 

Decentralized identity solutions typically address identity proofing and the secure storing and sharing of identity credentials

— Martin Kuppinger, Principal Analyst at KuppingerCole

Because we understand how important it is to keep IAM projects on track and ensure they are successful, and because we are committed to helping your business succeed, KuppingerCole has a content on this topic available in a variety of formats.

Audio & Video

A good introduction to the topic of ensuring IAM project are successful, is this series of video blogs by Principal Analyst Martin Kuppinger, in which he sets out the main reasons that IAM projects typically run into difficulties, examining in turn each one of these factors and recommending ways of ensuring they do no cause projects to stall.

Fellow Analyst Graham Williamson also addresses the topic of successful IAM projects in two Analyst Chats, focussing on the importance of a Solution Architecture and Project Management.


Providing a written complement to some of the issues identified in the video series above, in a blog post, Martin Kuppinger shifts focus away from common causes of failure to focus instead on Critical success factors for IAM projects.


Practical experience in anything is invaluable, including how to make an IAM project successful. For concrete recommendations, based on the experience of several experts from companies in various industry sectors, and KuppingerCole’s own knowledge and experience, have a look at this whitepaper entitled: The Journey to IAM Success.


Picking up on similar themes, but in the narrower context of Identity Governance and Administration (IGA) that can be applied to the wider area of IAM, have a look at this leadership brief on the Typical Risks and Pitfalls for IGA Projects, which also includes concrete recommendations in terms of business alignment, organization, implementation, planning, and technology.


Many IAM projects struggle or even fail because they take too long to demonstrate their benefits. Quick-wins that are visible to the end users are a key success factor for any IAM program. For more information on how to achieve quick-wins, and the importance of having a stable foundation for IAM, have a look at this webinar entitled: IAM for the User: Achieving Quick-wins in IAM Projects.