Involving the business in an IAM implementation
And the potential pitfalls of not doing that adequately.
Chief Evangelist André Koot has been focusing on the field of Identity and Access management for 20 years. His message is clear. IAM is no IT party, but a change affecting all business processes. Collaboration between different departments is therefore crucial. In this blog series, we asked him the most pressing questions about why IAM implementations are so often unsuccessful. This time, he delves into the importance of involving the business in an IAM implementation by zooming in on what happens if you don’t.
What is the danger of not involving the business in an implementation?
“As we often say: Show me a failed IAM project and I will show you an IT project. Most IAM experts say that IAM is a business responsibility. And yes, so do we. If you don’t have the buy-in from business managers, chances are that you will only buy and implement an expensive IT tool.
Too often, we see that an IGA product is bought for just connecting HR data to Active Directory for account provisioning purposes. Indeed, that will be one of the business requirements, but using IGA just for that is just a waste of money.
The real benefit for using IGA is by managing accounts and authorizations for business applications by implementing automated workflows for managing access to business functionality for employees. And empowering managers and employees by giving them the self-service capabilities of modern IGA systems to take responsibility for access control decisions. Furthermore, with IGA, the IT department can be relieved of their duties to manage authorizations for the business. Finally, benefits are achieved by providing governance functions. Such as reporting and certification processes and by allowing auditors to access account and authorization information.
The real benefit of IGA is in managing accounts and authorizations for enterprise applications by implementing automated workflows for managing employee access to enterprise functionality. And by enabling managers and employees, with self-service capabilities of modern IGA systems, to take responsibility for access control decisions.
And as you can see, implementing IGA benefits the business in more than just the financial business case. It offers the assurance needed to be able to be in control of authorizations. It offers the governance the business needs.”
Background blog series
The installation of a new identity and access management software package is often approached as an ICT implementation. This not only brings risks but also unnecessary costs and dissatisfied users. Companies grow and change. The digital age has transformed many companies, in which digital possibilities are increasingly used. This has resulted in many applications, systems, and occasionally a somewhat fragmented ICT landscape and decentralized organizational control. In doing so, more and more types of users use an organization’s digital assets. Such as employees, customers, partners, devices, and things. In identity and access management, it is precisely important that these things are connected. Well, in a safe and thoughtful way. This blog series addresses this.