The rapid adoption of mobile devices and cloud services together with a multitude of new partnerships and customer-facing applications has extended the identity boundary of today\u2019s enterprise. For the\u00a0extended enterprise, identity and access management (IAM) is more than just provisioning employees with and enforcing the appropriate access to corporate resources. It\u2019s about the ability to oversee access by a variety of populations, from employees to partners to consumers, and protect a variety of sensitive resources (including data) that may reside on or off the organization\u2019s premises \u2013 all while helping to protect the organization from increasingly sophisticated cybercriminals and resourceful fraudsters.\tUnfortunately, legacy approaches to IAM are\u00a0failing us\u00a0because they can\u2019t manage access from consumer endpoints, they don\u2019t support rapid adoption of cloud services, they can\u2019t provide security data exchange across user populations, and offer no help against emerging threats.\tWe at Forrester have been promulgating a Zero Trust Model of information security. It eliminates the idea of distinct trusted internal networks versus untrusted external networks, and requires security pros to verify and secure all resources, limit and strictly enforce access control, and inspect and log all network traffic.\u00a0Zero Trust applies effectively to identity as well.\u00a0It requires security and identity pros to: 1) center on sensitive applications and data; 2) unify treatment of access channels, populations, and hosting models; and 3) prepare for interactions at Internet scale. Moving toward Zero Trust identity not only helps you improve business agility and achieve compliance \u2013 it even helps you enhance customer experience and deliver on your org\u2019s API monetization strategy.\tForrester's\u00a0Identity and Access Management Playbook\u00a0will help you evolve from the inflexibility of tightly coupled authentication and access controls to an approach where you deploy service services that produce and consume identity and entitlement information in a loosely coupled manner. Building a Zero Trust IAM strategy that supports the extended enterprise requires a four-step process:\t1.\u00a0\u00a0\u00a0Discover: Identifying the trends, justifying the business case, and assessing your maturity.\u00a0Understanding your organization\u2019s business objectives and what you can achieve with a\u00a0Zero Trust IAM\u00a0approach can help you build a sound business case for investment that recognizes the business, financial, and operational benefits. Once you have a well-defined business case, you can also assess your current capabilities against your business case and identify gaps in your strategy.\t2.\u00a0\u00a0\u00a0Plan: Creating a strategy to manage IAM as a sustainable, on-going program.\u00a0To make your IAM strategy a reality, you will need to\u00a0identify and influence stakeholders\u00a0on both the business and the IT side of the organization. You must also formally document your\u00a0IAM strategy\u00a0and include a description of your current state, a definition of your future state, and a detailed road map and set of recommendations for the sequence of projects needed to make the strategy a reality.\t3.\u00a0\u00a0\u00a0Act: Hiring the right staff, governing policies, and implementing IAM capabilities.\u00a0Because IAM pros must frequently communicate with a business audience, they must possess outstanding communication skills in addition to IAM technical knowledge. And because IAM is so broad and requires a strong central governing function, you will need to hire several types of\u00a0IAM professionals, including a VP or director-level position, an IAM architect, and an IAM practitioner. You will also be faced with a multitude of on-premises and\u00a0cloud-based solutions\u00a0to your IAM technical requirements.\t4.\u00a0\u00a0\u00a0Optimize: Measuring, monitoring, and marketing IAM results.\u00a0You\u2019ll have to measure and monitor the effectiveness of your IAM program and report value to the organization. With an effective metrics program, IAM leaders will be better prepared to demonstrate business value, develop a proactive culture, and align priorities and performance incentives with business strategy. You\u2019ll also be in a better position to understand how your program compares to that of your peers.\tSo what do you think? How does Forrester\u2019s vision of IAM compare to yours? And will our playbook be useful? My colleagues Andras Cser (@acser) and Stephanie Balaouras (@sbalaouras) and I (@xmlgrrl) value your feedback as we refine this playbook to help you be successful in your role.