How To
How to Make a Business Case for Identity Management
Sure, a good identity management program is great for security and oftentimes necessary for regulatory compliance--but there are productivity and efficiency benefits as well. Kate Walsh IDs five tips for finding and articulating the business case for IDM.
By Katherine Walsh
In order to increase your chances of delivering on what you say you will, Gervais says transparency with the business and users is key. "Have a lot of cross-discipline meetings, and be open about your milestones and deliverables. That gives the business a way to gauge what you're true progress is."
A detailed end-user communication plan also aids in a successful IDM implementation, says Palma. Just as the business wants to know how IDM will drive cost out of the organization, users (who will be impacted by IDM on a daily basis) want to know "what's coming, why you're doing it, and how it's going to make their end user experience better." For those reasons, Palma says you need to have a strong awareness plan in place and get user buy-in before rollout.
Finally, companies should not underestimate the effort and cost associated with IDM. An implementation can reach four to five times the cost of the software, says Mark McClain, CEO at SailPoint, an identity management vendor. The more customization you need to align that software with your businesses processes, the higher the deployment costs and the longer the implementation. "I've seen provisioning deployments stall out after being integrated with just 10 percent of an organization's applications because of the time and money required to extend the rollout further."
Making a solid business case and having a plan in place will help you avoid these pitfalls. "It takes active participation of business and IT groups, integration with existing technology infrastructure and some degree of customization to accommodate the unique needs of your business processes," says McClain.
4. Don't Forget to Have a 'Mr. or Ms. IDM'--Is This You?
The IT department may own the budget and the implementation, but it is dependant on the buy-in and participation of business groups at every step in the process. That's why Gervais and Palma agree that every company should have a "Mr. or Ms. IDM." That means that one person be responsible for explaining where the organization is manually, what the vision for automation is and how the plan will be executed. "Structurally," Palma says, "a lot of organizations find that hard to do."
Gervais says the person in charge should be focused on building relationships with the departments most impacted by an IDM solution. "That includes infosec departments, customer facing departments, the help desk (which bears the burden of a lot of the operational issues with IDM) and perhaps the director of application development," he says.
identity management
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Keeping Your Members Safe from Online Scams and Predators
- Understanding Versatile Authentication and Its Benefits
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- WagerWorks Takes Fraudsters Out of the Game Using iovation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
