- Chen Heffer, CEO, CyTech
- Rob Marano, Co-founder of The Hackerati
- Dave Millier, CEO of Sentry Metrics
- Defense Industry Technology Executive
- Sheldon Malm, Vice President – Business Development, Sentry Metrics
- Jennifer Hong, Independent Management Consultant
- Five anonymous company contributors
Weak identity and access management (IAM) practices result in considerable risk to the organization because IAM plays a role in most things in IT.
Common reasons behind weak IAM practices include:
- There is no central ownership of IAM. Owners of IAM actions outside of IT (e.g. provisioning an account in an HRIS) may be resistant to adopting change.
- IAM processes are ad hoc and reactionary. Organizations do not have a high-level understanding of how identities and access are managed at the organization.
- The organization lacks technology to better manage their defined IAM processes. IAM software remains expensive and is often implemented before the people and processes to support that technology have been identified.
To have a successful identity and access management program, you must first identify who will be the owner(s). Then, in collaboration with the owner(s), create processes that support the organization’s goals. Lastly, consider how technology can assist in enabling or automating defined processes.
Impact and Result
Info-Tech provides a high-level framework that helps organizations ensure they are following best practice at all stages of an identity's lifecycle.
- Identify the drivers behind improving your IAM practices.
- Develop best practice processes for each section of the identity lifecycle.
- Understand the benefits of using IAM software.
Use our research to start your journey to mature the IAM program at your organization.
This guided implementation is a seven call advisory process.
Guided Implementation #1 - Assess identity and access management requirements
Call #1 - Identify the drivers, goals, and scope for improving the IAM program.
Call #2 - Identify the unique IAM challenges and risks that exist for the organization.
Guided Implementation #2 - Identify initiatives using the identity lifecycle
Call #1 - Identify initiatives to improve onboarding processes.
Call #2 - Identify initiatives to improve authentication and authorization processes.
Call #3 - Identify initiatives to improve offboarding processes.
Guided Implementation #3 - Prioritize initiatives and build a roadmap
Call #1 - Prioritize initiatives using a cost/effort and benefit analysis.
Call #2 - Build an IAM improvement roadmap based on prioritized initiatives.
Book Your Workshop
Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Assess Identity and Access Requirements
- Understand the drivers, goals, and scope of the IAM improvement project.
- Explore the IAM challenges and risks that exist for the organization.
Key Benefits Achieved
- A list of goals for improving the organization’s IAM practices, based on the existing drivers and defined project scope.
- A list of the IAM challenges that the organization faces.
- A list of the inherent IAM risks because of the organization’s IAM challenge, and the risks that exist due to current IAM practices.
Define the goals and scope of the IAM improvement initiative.
- List of IAM drivers and goals.
Identify the IAM challenges and risks that exist for the organization.
- List of IAM challenges and risks.
Module 2: Identify Initiatives Using the Identity Lifecycle
- Identity areas of weakness within existing IAM practices and create improvement initiatives.
Key Benefits Achieved
- A better understanding of the strengths and weaknesses of the organization’s current IAM practices.
- A list of initiatives for improving the organization’s IAM practices.
Investigate current and desired onboarding practices.
- IAM current and future state assessments for onboarding practices.
Investigate current and desired authentication practices.
- IAM current and future state assessments for authentication practices.
Investigate current and desired authorization practices.
- IAM current and future state assessments for authorization practices.
Investigate current and desired identity and access auditing practices.
- IAM current and future state assessments for identity and access auditing practices.
Investigate current and desired offboarding practices.
- IAM current and future state assessments for offboarding practices.
Module 3: Prioritize Initiatives and Build a Roadmap
Prioritize initiatives for improving IAM practices at the organization and incorporate them into a roadmap.
Key Benefits Achieved
The development of a roadmap for improving Identity and Access Management at the organization.
Conduct cost/benefit analysis on initiatives.
Prioritize gap initiatives based on cost, time, and alignment with the business.
Build an effort map.
Determine initiative start times and accountability.
Finalize IAM roadmap and action plan.
- Roadmap for IAM program improvement.
After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.