At SailPoint, I’ve had the privilege of working alongside teams at some of the world’s leading banks, insurers, healthcare providers, and manufacturers. Together, we have more than a few enterprise identity and access management deployments under our belts. We’ve got a lot of tales to tell. And we’ve learned many lessons along the way. I thought it might be valuable to share these common experiences.
So, today, this blog is the first in a 3-part series in which we share lessons learned in enterprise IAM deployments. To begin, I want to address the topic of IAM stakeholders. It’s a fact that the number of different groups and people involved in IAM projects has expanded dramatically over the last 7-8 years.
IAM is no longer invisible “IT plumbing” that business users and executives never hear about. In fact, many aspects of IAM are now directly exposed to business users in the form of compliance activities, self-service access request, and self-service password management.
So lesson #1 is “ensure you involve, educate, and manage your stakeholders.” Starting from the earliest planning stages, ensure that these stakeholders have a shared vision of what the project will accomplish and a clear sense of the part they will play, including an understanding of the time commitment that will be required. Here are specific steps to recruit and engage the right constituents in your project:
Demonstrate value to the business
Providing convenient services to the business is critical for gaining buy-in and adoption for your IAM project. It’s well worth the investment in training and step-by-step demonstrations to show the value of self-service access request, password management and single sign-on capabilities, and to convince business users that their lives will be made easier through automated access certifications. In today’s world, IT must work in partnership with the business to strengthen controls and visibility where needed – this process is a lot easier when you show them real value that makes a difference in their day-to-day activities.
Engage audit and compliance early and often
All IAM projects should be designed to address compliance requirements. Therefore, you should consider the needs of audit and compliance staff as you outline your project requirements. Baking in the right audit controls from the beginning will save you and your business users a lot of headaches down the road. You can make their lives a lot easier by automating many of the mundane audit processes and removing the need to go from app owner to app owner to get the data they need to validate audit controls. You can also eliminate a lot of manual compilation work by showing them self-service reports and ad hoc queries to get the information they need without waiting for someone else to do it. From the standpoint of “identity intelligence,” you can be an internal auditor’s best friend.
Enlist support from the top
Given the scope and criticality of most IAM projects, you will need project sponsorship by IT and business executives, especially if you encounter unforeseen resistance. Executive support can provide the catalyst for change that is essential to the success of any identity management project. For example, in one customer’s case, central funding and sponsorship by the CFO helped the company avoid potential barriers to progress.
Create a central working group across teams
By establishing a central project management committee, you can share best practices and processes, and resolve conflicts and issues as they arise. This is also a good forum for defining clear responsibilities for each group and for maintaining commitment throughout the project. It’s important that you get the right representatives from each group to participate in the committee – they’ll need both knowledge of requirements and authority to make decisions in order to be most effective.
To read more about customer deployments and lessons learned, visit our customer page.