Commissioned by iC Consult
1 Introduction / Executive Summary
IAM projects have some reputations for stalling. Many projects started big and delivered under expectations. There are reasons for that, starting with the complexity of IAM (Identity & Access Management) being cross-divisional. It is about interfacing with IT security, with HR, with IT Infrastructure, with the SAP or Business Applications department, but also with all the other owners of applications throughout the whole organization.
Moreover, IAM affects everyone in an organization. Be it the daily (or more frequent) authentication exercise, be it waiting for approvals of access request, be it the manager's job of reviewing and recertifying access entitlements: All these tasks involve not just the IAM organization, but everyone.
Not only that, but IAM has long extended beyond "workforce IAM" into a discipline that needs to care for the identities of business partners, customers, and consumers, but also non-human identities such as services, software robots, devices, or things. Connecting everything and everyone and providing seamless, yet secure access to every service, regardless of where that service runs, is what IAM is about. IAM is a foundation for successful, well-secured digital business.
Making IAM a success with all the requirements that IAM must serve requires a strong IAM organization, and it requires a plan that is well-executed. It also requires sufficient funding. Experiences from many years of running, guiding, and reviewing IAM projects are compiled into a set of ten recommendations in this whitepaper.