The Secrets of Identity Success

Of course you want your identity and access management strategy to help your business be more agile and efficient. But for that strategy to be effective, you have to direct it toward a specific desired outcome. Let’s look at what that means exactly, using Active Directory (AD) projects as an example.

Success Is Relative

Consider this scenario: If, after a year-long effort, your strategy has taken you to the goal of full Active Directory (AD) automation with your identity and access management program, have you been successful? It depends. One organization I know saved three man-years with AD automation, while another saved only one. But in the first case, AD requests constituted only 4% of all access requests; in the second, they represented 75% of all requests.

When you look at the larger business context surrounding the achievement, it’s obvious the second organization made a bigger impact on business agility and efficiency, even though it saved fewer man-years. The point is, it’s easy to fixate on the fact that you’ve completed a task, but lose sight of what you gained (or didn’t gain) by doing so. For this reason, it’s important to be clear about how you’ll define success and to have metrics in place to demonstrate you’ve reached the desired outcome.

Perspective Is Everything

Staying with the example of an AD project, it makes sense to try to shorten design-and-build cycles by leveraging previous work, including collective wisdom and existing data sources. But consider the pitfalls. There may be internal network access restrictions, limited access controls and groups, and so on. To overcome these, take a step back to look at the design from the perspective of the consumer (user of the service), customer (the ones that pay for it), or regulator (the actual standard that dictates the project’s requirements).

This shift in perspective can help determine an appropriate strategy. Here are a few basic rules to help maximize your project’s business value:

• Live inside the box. Always exploit any native capability available to you, whether it’s the AD environment or software. Why invest in creating or changing something you don’t have to?
• Minimize complexity. Not everything must be automated. Many organizations have at least a few manual processes that are effective. Again, why change something you don’t have to?
• Know what you need. Overly complex and costly compliance projects, for example, are sometimes caused by trying to satisfy framework controls that may not even be required.
• Remove the “cool” factor. Just because you can do something that’s fun to geek out on doesn’t mean you should. Making a project easy for users is cool in its own right; keep it simple.

Need some inspiration? Download the RSA eBook Reimagine Your Identity Strategy. It will help you evaluate your current approach, understand what you need to be successful, and make sure you have the right technology to reach your goals.