In the second part of this multi-part tip on identity access management (IAM) programs, we discuss how to tackle the nitty-gritty of IAM implementation. Access the first part on IAM best practices.
The first part of this article discussed two best practices for identity and access management (IAM) solution implementation, explaining how IAM needs to be viewed as a business solution, at the same time embracing the overall IT vision of the organisation.
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of searchSecurity.in is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
The methodology involved
in structuring a solid foundation for IAM was also touched upon. We now look at two more best
practices for successful IAM solution implementation.
3. Undertake staged implementation
In order to simplify the management of IAM solution implementation, it should be undertaken in multiple stages. Always start small, and ensure that the first stage not only has a limited scope with relatively simpler deployment, but also produces quick results and tangible benefits. An appropriate starting point is the implementation of the self-service module with password reset functionality. This ensures immediate commercial benefit. Subsequent stages would focus on adding more functionality and inclusion of more complex integrations. Possible stages could be as follows:
• Stage 2: Implementation of organization-wide user repository – virtual or meta directory solution.
• Stage 3: Implementation of role management.
• Stage 4: Automation of identity lifecycle business processes.
• Stage 5: Design of access management framework, including internal and external users.
• Stage 6: Implementation of Web single sign-on.
and so on. This would facilitate quick adoption of the IAM solution across the user community.
The compatibility verification of the IAM technology with the existing network- and IT application framework would aid in defining the scope of each stage. The typical steps involved are:
- Clear scoping of each proof-of-concept.
- Scalability planning to respond quickly to business and technology changes.
- Pilot runs.
- System integration.
- Regression testing to verify the functional integrity of IT applications and platforms.
Figure 3. Staged approach to IAM solution implementation.
4. Educating the stakeholders
IT training is often conducted as a mere “how-to” implementation instruction set. Ideally, any such training should go beyond that and include explanations of the underlying technology, product capability and extendibility.
Such oversights could result in additional unnecessary expenditure on separate solutions to tackle issues that are actually within the realm of the main IAM solution itself. The business SMEs should also be educated on product capabilities so that the ideal mix of manual and automated processes can result in optimal business efficiency.
Also, operations staff should be educated on the subset of capabilities of the IAM solution that have been implemented at every stage. Education and training for IAM solution implementation must be looked at as an on-going activity, in tandem with the induction of new processes and emerging product capabilities.
Conclusion
The IAM solution plays a key role in enabling interactions and transactions in today’s digital world. Some IAM capabilities are required for providing end-to-end security, thus aiding in determination and improvement of the security posture of the organization. Unfortunately, IAM implementations often suffer roadblocks or are ultimately stalled, mostly due to poor management of the program. However, by following the best practices detailed in this article, mishaps can be minimized or avoided completely, and the IAM solution implementation can be smooth, realizing maximum business value.
Successful IAM solution implementation acts as a business enabler by providing a secured work environment in which to develop service offerings to customers and provide opportunities for new business initiatives. Compliance with industry regulations, reduction in IT administration costs and improvement in user productivity are some of the benefits of successful IAM solution implementation
In the second part of this multi-part tip on identity access management (IAM) programs, we discuss how to tackle the nitty-gritty of IAM implementation. Access the first part on IAM best practices.
About the author: Nilesh Shirke is the IAM practice head in security consulting at TechMahindra. He has a masters in IS from Johns Hopkins University, and is a Sun- and Oracle IAM certified consultant. He has over 15 years experience in project delivery and security management for IT and business.
This was first published in April 2011