Editor’s Note: If you missed out on Navigate ’18 in Austin, you also missed the opportunity to hear our Mistaken Identity podcast co-hosts not only emcee the event, but also share their identity insights. Based on his session at Navigate ’18, today’s blog post comes courtesy of David Lee. He takes us all to school by sharing what it takes to get your doctorate in identity, and why we all need this particular designation.
We’ve come a long way in the field of identity. In its early days, identity was seen as an administrative problem, something that made admins’ jobs easier, but didn’t affect the business itself. We know better now. We understand the impact identity has on the business, and how proper governance can lead to more effective access control and risk mitigation. But instead of discussing what identity is, we should be focusing on who is doing it and – more importantly – how.
The Identity Practitioner
A popular title that’s come about lately is the “Identity Practitioner” – a nice way of saying the one who has been through the last ten years implementing identity and is still around to tell the story. For those of us who have done it, we know the road has been tough. In the beginning, 90% of all identity projects failed. Millions of dollars spent, and in some cases, nothing to show for it. We struggled to find the right combination of project management and software development to get the job done. Some of it was the software (honestly, legacy systems had some major flaws), but a lot of it was us. We weren’t asking the right questions to the right people at the right time. Where we needed to be doctors, we were simply laborers.
A good doctor asks questions. They need to understand all the causes; then they can diagnose the problem. Instead of jumping to a conclusion from the first thing you tell them, they continue to probe to make sure they understand the full scope of the issue. “Do you have a fever? Aches and pains? Show me where it hurts.” They need to find and understand the underlying symptoms; then they can treat the disease. Once they know the cause of the problem, they can create the treatment plan to cure their patient instead of only mitigating the symptoms. We trust them because they are the experts; they know what works and what doesn’t.
Often in the world of identity, we jump straight to the symptom and begin to apply treatment. We don’t take the time to probe and ask more questions, to gain a deep understanding of the problem. Thus, our solutions are often seen as unstable or are in constant need of adjustment. Our customers depend on us, the practitioners of the identity world, to be their doctors. It’s our job to ask the right questions, understand the pain points of the business and then apply the right technical and business solution to alleviate their problems. Yes, both technical and business solutions.
Implementing identity must be a mixture of both the IT and business sides of the organization. Changing a bad business process and making it more efficient offers better benefits than an implementation that simply covers up the faulty process. But it’s up to us – the identity professionals – to relay that information, to see beyond the symptoms and treat the disease.
Identity is central to an organization’s security architecture. It gives life to dozens of processes and enables the business to do what they do best. As technologies and businesses themselves evolve, identity will play an even bigger role in helping to shape how users access data throughout their work day and become the foundation of application architecture. To get there, we all need to get our doctorates in identity.