Tip

IAM solution implementation: Challenges & resolution

In the second part of this multi-part tip on identity access management (IAM) programs, we discuss how to tackle the nitty-gritty of IAM implementation. Access the first part on IAM best practices.

The first part of this article discussed two best practices for identity and access management (IAM) solution implementation, explaining how IAM needs to be viewed as a business solution, at the same time embracing the overall IT vision of the organisation.

    Requires Free Membership to View

The methodology involved in structuring a solid foundation for IAM was also touched upon. We now look at two more best practices for successful IAM solution implementation.

3. Undertake staged implementation

In order to simplify the management of IAM solution implementation, it should be undertaken in multiple stages. Always start small, and ensure that the first stage not only has a limited scope with relatively simpler deployment, but also produces quick results and tangible benefits. An appropriate starting point is the implementation of the self-service module with password reset functionality. This ensures immediate commercial benefit. Subsequent stages would focus on adding more functionality and inclusion of more complex integrations. Possible stages could be as follows:

• Stage 2: Implementation of organization-wide user repository – virtual or meta directory solution.

• Stage 3: Implementation of role management.

• Stage 4: Automation of identity lifecycle business processes.

• Stage 5: Design of access management framework, including internal and external users.

• Stage 6: Implementation of Web single sign-on.

and so on. This would facilitate quick adoption of the IAM solution across the user community.

The compatibility verification of the IAM technology with the existing network- and IT application framework would aid in defining the scope of each stage. The typical steps involved are:

  • Clear scoping of each proof-of-concept.
  • Scalability planning to respond quickly to business and technology changes.
  • Pilot runs.
  • System integration.
  • Regression testing to verify the functional integrity of IT applications and platforms.

 

Figure 3. Staged approach to IAM solution implementation.

4. Educating the stakeholders

IT training is often conducted as a mere “how-to” implementation instruction set. Ideally, any such training should go beyond that and include explanations of the underlying technology, product capability and extendibility.

Educating the different stakeholders on the IAM technology and capability portfolio, with each IAM solution implementation education program tailored to the individual needs of the different user communities, is of prime importance.Of course, the IT staff would need to be educated in advance to ensure that the IAM solution is exploited to the maximum – avoiding, for instance, pitfalls such as lack of identity synchronization between different user repositories.

Such oversights could result in additional unnecessary expenditure on separate solutions to tackle issues that are actually within the realm of the main IAM solution itself. The business SMEs should also be educated on product capabilities so that the ideal mix of manual and  automated processes can result in optimal business efficiency. 

Also, operations staff should be educated on the subset of capabilities of the IAM solution that have been implemented at every stage. Education and training for IAM solution implementation must be looked at as an on-going activity, in tandem with the induction of new processes and emerging product capabilities.

Conclusion

The IAM solution plays a key role in enabling interactions and transactions in today’s digital world. Some IAM capabilities are required for providing end-to-end security, thus aiding in determination and improvement of the security posture of the organization. Unfortunately, IAM implementations often suffer roadblocks or are ultimately stalled, mostly due to poor management of the program. However, by following the best practices detailed in this article, mishaps can be minimized or avoided completely, and the IAM solution implementation can be smooth, realizing maximum business value.

Successful IAM solution implementation acts as a business enabler by providing a secured work environment in which to develop service offerings to customers and provide opportunities for new business initiatives. Compliance with industry regulations, reduction in IT administration costs and improvement in user productivity are some of the benefits of successful IAM solution implementation


In the second part of this multi-part tip on identity access management (IAM) programs, we discuss how to tackle the nitty-gritty of IAM implementation. Access the first part on IAM best practices.

About the author: Nilesh Shirke is the IAM practice head in security consulting at TechMahindra. He has a masters in IS from Johns Hopkins University, and is a Sun- and Oracle IAM certified consultant. He has over 15 years experience in project delivery and security management for IT and business.

This was first published in April 2011

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.