Identity Management Blog

Building consensus for your IAM program and turning it into an enterprisewide initiative is critical to its success. Our team recently had an onsite meeting with the CIO, CSO, CTO and ten or so other key players to review our joint progress on their IAM implementation. We reported that we were on task and under budget but that we had identified a significant risk to the project. The risk we were facing was that Human Resources was neck deep in rolling out a new HR system and that they were unwilling to collaborate with the IAM team until sometime in January. During the meeting, we highlighted ...
Read More
Identity and Access Management (IAM) is hard and you shouldn’t have to go it alone. To be successful, you need the backing of the organization from all levels. One of the biggest pitfalls to avoid is the loss of momentum and support for a program. It’s a real risk and can create significant challenges as IAM is a long haul item. It lasts years and is never truly “done.” A good IAM program manager ...
Now that’s a silly premise… or is it? For those unfamiliar, World of Warcraft (WoW) is a massively multiplayer game set in a high fantasy world replete with elves, orcs, dwarves, and big bad bosses that require dozens of players cooperating to beat them. It’s played by millions of people around the world and is one of the most successful games of all time.
It's a new year and a great time to refactor and refocus your identity and access management (IAM) program and strategy. To do it right, you need to have executive sponsorship, engagement, and organizational consensus. Do you have all 3 of these going into your IAM program this year?  
The other day I went to visit a prospect who was evaluating vendors for a digital transformation project. The person heading up the project was a Senior Program Manager. She was clearly very capable – one of those people who are change agents within an organization. As soon as I walked in I could tell that she had rolled up her sleeves and was on a mission to accomplish great things. I was ...
More bad news this week coming out of the SWIFT messaging system hacks. New banks are being targeted and an unspecified number have experienced incidents. In the case of the $81 million dollar Bangladesh Bank breach, the intrusion started with a vulnerable network switch. The bank used “second-hand networking gear” which led to the compromise. Second-hand anything in your security and networking ...
What comes to mind when I picture an Olympic athlete? Commitment Conditioning Repetition An Olympian is committed to their specialty, continually conditioning their mind and body to optimize performance, and repeating their actions again and again to achieve as close to perfection as possible. I liken this with preparing for an IAM implementation.
I sometimes think of the discipline of IAM Program Governance as PPnT - “people, process, and no technology.”  It is the least technical part of the IAM leader’s job. Really IAM Governance includes a few disciplines: Operating Model (PBR) At Identropy, we’ve been talking about “Plan, Build, Run”  (PBR) for a long time. I have been thrilled lately to see how many of our clients have embraced PBR ...
Over the holidays, I decided to rebuild my deck. It's now February, and I am still not finished. I’ve had a lot of time to think about how deck building is a lot like building an IAM program (deep stuff huh?). I figured I'd share these deep thoughts in hopes you can avoid some of the common pitfalls of an IAM program.