In Part I of this series, we covered why a corporation may (or may not) need an Identity Management Roadmap. In this post, we'll briefly cover its prerequisites.

Roadmap Development should be viewed as a discrete task that is only one component of an Identity Management Workshop. In fact, Roadmap Development should be the last (or one of the last) tasks in your identity management assessment. Here is a brief description of a few items that you should have explored during your workshop prior to the task of Roadmap Development:

1. Drivers

Your organization's business drivers for the IAM (Identity & Access Management) initiative will set the overall tone of the workshop, and should be the first item you discuss. Based on a detailed discussion of the drivers, an Identity Initiative Definition document should be drawn up, that labels your drivers, and a brief paragraph that explains each one and how it relates to your initiative. For example, a business driver may be "Acheiveing Compliance to XYZ Regulation", where the description describes why its important to your organizatoin.

2. Use Cases

For each driver, a set of use cases should be developed that explains in human readable language, the scenario you are facing, and a description of the expected behavioral response of the identity management system.

3. Business Process Analysis

Business Process Analysis is probably a heavy term for what needs to be accomplished here. Part of the Identity Management Scoping Exercise will identify all processes, user populations and target systems in scope. An analysis of the in-scope processes should occur in order to measure complexity of any process re-engineering and technology mapping efforts.

4. Technical Infrastructure and Competency Analysis

A survey of the current infrastructure will provide insight into the complexity of integrating an IAM solution, as well as the assets currently owned by your organization that may be leveraged as a part of the solution. During our workshops, we often find clients own more than they know - a finding that saves significant software dollars.  Also, an assessment of your organization's technical competencies is important, in order to take training prep into consideration during roadmap development. 

5. A Proposed Logical IAM Architecture

By creating a suggested logical IAM architecture prior to creating a roadmap, your organization will unearth technical dependencies between the various components of your identity management solution - a key finding that will inevitably impact how you lay out your roadmap.

 - - - - - -   

Hopefully the points above have elucidated why an efficiently orchestrated Identity Management workshop will not dive head first into the tricky task of Roadmap Development. A lot of prep work has to be completed in order to lay the right foundations for the task. In the next section of this series, we'll focus on the actual tasks of developing a roadmap.

IAM Program Data Sheet


Ash Motiwala

Ash Motiwala

I’ve been in the identity space for most of my career, and I’m still passionate about it. Anyhow, a CTO is supposed to be the person who sets technical vision for the company, but honestly – Identropy has way too much brainpower for a single person to do that. Instead, I get my hands dirty with the customer development process, lend a helping hand wherever its needed, and I have the privilege to talk identity with some of the brightest minds in this space every day.