The Components of Identity Management Planning
To successfully deploy an IAM solution, there are a few key factors that must be taken into account first. An identity or access governance project is something that affects an entire enterprise: that includes processes, workflows and the ways people interact. In order to fully understand this, perhaps it would be insightful to break down the actual components that comprise identity management planning.
IAM implementation isn’t something that happens overnight—nothing that involves IT departments do.
This planning takes on a subtle sentience of its own. While there are buzzwords that you’ll hear in any planning stage of an agency or firm, consider them devices in this article to explain the process fully to you.
Some aspects of this post were inspired by a previous blog post from Scott Hammer. If you want to read more about integration projects, make sure you check it out.
Bring the Stakeholders and Team On-Board
You can’t implement a plan or IAM project until you have buy-in from the stakeholders and team members. In this early stage, gaining overall support is essential or else there will be resistance to the new implementation. Whether you are a high-level executive pitching this or an IT department head, getting this first is necessary.
It’s the goal of the IAM solution provider to ask the pain points and goals that the business may have, and get valuable input that will be directed toward the IAM project.
Risk Assessment and Scope
This is the obvious step: the planning part of the planning methodology. We know in order to show measureable results, the current state of the business needs to be quantified. How many stagnant accounts are in the current system, and is there a current log of who has access to what, when? Chances are, if the business is transitioning into an IAM infrastructure, this is probably not the case. Not on a streamlined and uniform scale, at least.
Some questions to ask in order to plan for the next steps:
- Find out the amount of risk mitigation that will be needed
- Is provisioning going to be an issue?
- What materials will be needed to complete the project?
- Is this ideal for scalability in the future based on the company?
- Have you gone over a roadmap listing all of the steps, and the average amount of time the implementation will take?
Deployment and Delivery
Once a project begins, it can take anywhere from 18-36 months or longer depending on the needs. After every iteration, make sure those involved start seeing the successes of the implementation. It really is a team effort, so revel in that and use the proper language and value statements to keep the project alive and well.
This will help create supporters and meet (and hopefully exceed) expectations. Don’t be shady—identity management involves everyone, and shouldn’t be treated as a covert operation.
These are some valuable components to initiating an identity management plan. By being able to take criticism and input from the others in the business, it is a good component that will help bring in your IAM roadmap. Regardless of what vendor you select, make sure communication is on the top of the docket when approaching identity management.