On Developing an Identity Management Roadmap, Part I
Since we've performed more identity management workshops for our customers than I care to count, I thought a blog series was in order to provide some of our insights into aiding corporations develop an Identity Management Roadmap (which is a step by step guide for your organization to follow when deploying an identity management solution). I got a chance to sit down and interview some of our 10+ year identity gurus to collect some of their golden nuggets of identity wisdom for this series. Heck, this may even inspire and enable some of you ambitious folks out there to develop an IDM Roadmap for your organizations yourselves!
But I Don't Think I Need an Identity Management Roadmap
...and you may be right. Here are a few pointers that might indicate that an Identity Management Roadmap might be overkill for your organization. If you have a very specific itch that needs to be scratched but nothing more than that, then you probably do not need an IDM Roadmap. An example of a localized itch is if your organization just got slammed on an audit for "orphan accounts" in AD, but everything else was in perfect order. Another example is if you work for a healthcare organization that needs SSO to appease the docs who have to remember 25 different usernames and passwords for various applications, but everything else is in good shape (i.e., identity data integrity looks good, user access recertification processes are fine, etc.). In situations like these, find the right technology and apply it. Simple as that. At most, you'll need an afternoon whiteboard session with an Identity Management specialist to help you compare the pros/cons of the various toys in the identity toolbox that can solve your problem along with a cost analysis of software and services.
Why do I need an Identity Management Roadmap?
If you have more than a few identity related problems that you are trying to solve that may require more than one identity management software component, an Identity Management Roadmap will be critical for successfully putting a solution in place for the following reasons:
Architecture: Too often, we perform an Identity Management Assessment for a customer that already has an Identity Management system in place and find a hodgepodge of technologies poorly assembled together into what they deem their 'Identity & Access Management System'. In most cases, the various components of the system were deployed in isolation of each other, often times by different teams. Each team thought they had an isolated itch, purchased software, and deployed it. The result is a poorly constructed system that is repeatedly taped together with 'customizations'. The process of developing a roadmap will avoid such an end. A good workshop will identify stakeholders across your organization, set up interviews, and systematically find itches (use cases) corporate-wide. The result will be a better architecture that satisfies your organizations requirements as well as stands the test of time.
Pitfalls: The process of developing a roadmap will help you see the big-picture of your organization's requirements and strategic direction. This can ensure that your efforts don't get sidetracked by tactical endeavors, something that can easily occur without a roadmap to guide you. Identity Management initiatives are full of technology related time-sinks that give techies a 'really cool problem to solve,' but may not be a part of your corporation's business drivers. From another angle, a roadmap forces you to think strategically, taking timeline into consideration and focus on identifying time-sinks up front.
Exploit Your Software: The process of developing an IDM Roadmap will require a technology assessment of your infrastructure. Often times, we perform an Identity Management Assessment for a customer and find plenty of existing software that can be used to satisfy some of the client's requirements. It wouldn't be an over-exaggeration to state that on average, corporations use less than 20% of the capabilities of the IDM software they purchase, usually due to a lack of understanding the product's capabilities. The process of developing an IDM Roadmap will help unearth valuable software that you already own and could perhaps leverage in your identity initiative. How great would it be to find out that you could spend less on software because you could leverage what you already own?!
There you go. Three solid reasons why you should develop a roadmap prior to implementation. As you might have noticed, there are a lot of pre-requisites to the IDM Roadmap. That is the topic of our next post in this series.