Leadership Brief

How to set up your IAM organization

A technology-oriented approach to identity and access management (IAM) is becoming less important as identities become more diverse and access requirements grow. As a result, CISOs and IAM Security Officers are struggling to promote and develop the maturity of skills in the silos of technical identity management services. Adapting the structure of IAM organizations so that they are based on a service capability model helps to address key challenges in managing a broad portfolio. In this Leadership Brief, the most important topics about a complete IAM organization and some of the pitfalls to avoid are discussed.

Christopher Schütze


1 Introduction

Not every Chief Information Security Officer (CISO) knows that IAM is possibly the most critical component in their portfolio. Delivering capabilities and services that protect the organization’s data, systems, and applications from unauthorized access is a complex area.

The complexity of permissions for devices and applications, combined with an endless stream of privacy and regulatory requirements, challenges the effectiveness of traditional IAM capability models. Organizations need to change their strategy and the way IAM provide solutions, to enhance productivity while addressing a constantly changing number of identity and access requirements.

Creating an IAM organization that can deliver new, innovative and applicable solutions is critical as organizations and technologies evolve. Equally important is the ability to deliver enterprise IAM services that meet the rapidly changing access and compliance requirements, while increasing productivity and reducing IT management costs.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.