Security icon

Mature Your Identity and Access Management Program

Securely manage identities and their access from identity creation to deactivation.

Get Instant Access to this Blueprint

Contributors

  • Chen Heffer, CEO, CyTech
  • Rob Marano, Co-founder of The Hackerati
  • Dave Millier, CEO of Sentry Metrics
  • Defense Industry Technology Executive
  • Sheldon Malm, Vice President – Business Development, Sentry Metrics
  • Jennifer Hong, Independent Management Consultant
  • Five anonymous company contributors

Your Challenge

Weak identity and access management (IAM) practices result in considerable risk to the organization because it plays a role in most things in IT.

Common reasons behind weak IAM practices include:

  • There is no central ownership of IAM. Owners of IAM actions outside of IT (e.g. provisioning an account in an HRIS) may be resistant to adopting change.
  • IAM processes are ad-hoc and reactionary. Organizations do not have a high-level understanding of how identities and access is managed at the organization.
  • The organization lacks technology to better manage their defined IAM processes. IAM software remains expensive and is often implemented before the people and processes to support that technology have been identified.

Our Advice

Critical Insight

To have a successful identity and access management program, you must first identify who will be the owner(s). Then, in collaboration with the owner(s), create processes that support the organization’s goals. Lastly, consider the practicability of how technology can assist in enabling or automating defined processes.

Impact and Result

Info-Tech provides a high-level framework that helps organizations ensure they are following best practice at all stages of an identity's’ lifecycle.

  • Identify the drivers behind improving your IAM practices.
  • Develop best practice processes for each section of the identity lifecycle.
  • Understand the benefits of using IAM software.

Use our research to start your journey to mature the IAM program at your organization.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how you improve the organization's Identity and Access Management practices using Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Guided Implementations

This guided implementation is a seven call advisory process.

Guided Implementation #1 - Assess identity and access management requirements

Call #1 - Identify the drivers, goals, and scope for improving the IAM program.
Call #2 - Identify the unique IAM challenges and risks that exist for the organization.

Guided Implementation #2 - Identify initiatives using the identity lifecycle

Call #1 - Identify initiatives to improve onboarding processes.
Call #2 - Identify initiatives to improve authentication and authorization processes.
Call #3 - Identify initiatives to improve offboarding processes.

Guided Implementation #3 - Prioritize initiatives and build a roadmap

Call #1 - Prioritize initiatives using a cost/effort and benefit analysis.
Call #2 - Build an IAM improvement roadmap based on prioritized initiatives.

Onsite Workshop

Unlock This Blueprint

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Identity and Access Requirements

The Purpose

  • Understand the drivers, goals, and scope of the IAM improvement project.
  • Explore the IAM challenges and risks that exist for the organization.

Key Benefits Achieved

  • A list of goals for improving the organization’s IAM practices, based on the existing drivers and defined project scope.
  • A list of the IAM challenges that the organization faces.
  • A list of the inherent IAM risks because of the organization’s IAM challenge, and the risks that exist due to current IAM practices.

Activities

Outputs

1.1

Define the goals and scope of the IAM improvement initiative.

  • List of IAM drivers and goals.
1.2

Identify the IAM challenges and risks that exist for the organization.

  • List of IAM challenges and risks.

Module 2: Identify Initiatives Using the Identity Lifecycle

The Purpose

  • Identity areas of weakness within existing IAM practices and create improvement initiatives.

Key Benefits Achieved

  • A better understanding of the strengths and weaknesses of the organization’s current IAM practices.
  • A list of initiatives for improving the organization’s IAM practices.

Activities

Outputs

2.1

Investigate current and desired onboarding practices.

  • IAM current and future state assessments for onboarding practices.
2.2

Investigate current and desired authentication practices.

  • IAM current and future state assessments for authentication practices.
2.3

Investigate current and desired authorization practices.

  • IAM current and future state assessments for authorization practices.
2.4

Investigate current and desired identity and access auditing practices.

  • IAM current and future state assessments for identity and access auditing practices.
2.5

Investigate current and desired offboarding practices.

  • IAM current and future state assessments for offboarding practices.

Module 3: Prioritize Initiatives and Build a Roadmap

The Purpose

Prioritize initiatives for improving IAM practices at the organization and incorporate them into a roadmap.

Key Benefits Achieved

The development of a roadmap for improving Identity and Access Management at the organization.

Activities

Outputs

3.1

Conduct cost/benefit analysis on initiatives.

3.2

Prioritize gap initiatives based on cost, time, and alignment with the business.

3.3

Build an effort map.

3.4

Determine initiative start times and accountability.

3.5

Finalize IAM roadmap and action plan.

  • Roadmap for IAM program improvement.
Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019