Commissioned by iC Consult
1 Executive Summary
While IAM projects have a reputation of being complex and bearing the risk of failure, making such projects a success is by no means "rocket science". It is a matter of thoughtful planning. It is a matter of proper execution. It is a matter of good project management and project governance.
Success is also a matter of choosing the right partners and technologies. Picking the right technology or technologies starts with the requirements analysis. While most organizations have some focus on that part, there is less emphasis on identifying the right partners. However, partners help in making projects a success, from guiding through the conceptual phases, supporting in the choice of tools, to implementation and operations.
These stages, starting with the implementation, followed by customization, and leading to operational support over years, are essential for making an IAM project a long-term success and for transitioning from project into production.
A key element in that transition and the ongoing operations is the definition of a TOM (Target Operating Model), which describes the various functions within an IAM organization, and the responsibilities for these functions. Responsibilities in modern, IDaaS based IAM implementations, are commonly split between multiple parties. Aside of internal IAM and business teams, there are commonly both MSPs (Managed Service Providers) and the CSPs (Cloud Service Providers) for the IDaaS service involved. Dealing with multiple parties requires a clear definition of provider and tenant responsibilities, as well as a strong IAM governance.
Another key factor for project success is getting away from traditional, customization-heavy approaches towards standards-based implementations that utilize the out-of-the-box capabilities of software. Wherever customization is needed, there needs to be an approach favorizing configuration over coding, and for segregating custom code via APIs (Application Programming Interfaces).
A one-stop-shopping approach can help in mastering the inherent complexity of IAM deployments and operations. It reduces the number of involved parties in a program or project, and thus simplifies the assignment of responsibility. The dependency on a single provider that arises in such approach must be balanced against the advantages. Aside of limiting the complexity within the TOM, advantages can stem from increased consistency in the approach for configuring and customizing the solution. The more the partner acts as both MSP and CSP, the higher also the chance that the partner will provide a high degree of standardization based on best practices in the solution, limiting the customization effort.
Making IAM programs and projects a success requires a thorough understanding of the requirements, well thought out decisions about the tools, the right organization, and the right partnerships.