2011: Incorporating Business into IdM (Finally!)

If you can believe it, I’m already fielding questions about my prediction for 2011. As customers start planning for next year, they want to know where to focus and what to look for. I know the IdM industry has long talked about the holy grail of bridging IT and business (or “marrying IT and business” or “IT driving the business” or some other cliche). That is becoming a reality – and will be even more so next year – for two reasons: the need for the business to be actively involved in IdM; and, with tools like IdentityIQ, their ability to do so. These two concepts have become “table stakes” for good identity governance.

The need for business involvement. I may sound like a broken record, but I believe that 2011 will bring more IT challenges than we’ve seen in a long time. Many companies are still struggling to meet existing compliance requirements, and most of them believe that more regulation is on the way. Unfortunately, these same companies are also facing an increased risk of insider threats as a result of layoffs, hastily completed mergers and stagnant wages over the last two years. IT risk management is now a corporate imperative, and addressing these identity governance concerns requires business-level participation.

The ability to involve the business. You’ve probably always understood the value of involving IT and business managers in identity management efforts, but until recently, business managers were asked to review technical information that was virtually meaningless to them. Today’s next-generation provisioning and identity governance solutions like IdentityIQ were designed with business users in mind. IdentityIQ creates a single, authoritative view of “who has access to what” and then translates that technical identity data into consistent, business-relevant information. Now, business managers have the information they need to certify access privileges and better address the IT risks companies face.

Finally, in order for this business and IT integration to succeed, participants from both sides need to come together and communicate. I’d like to offer three best practices to help you ensure that your company’s business managers are active participants in your IdM processes (I recently wrote a more in-depth piece for eWeek on this topic).

  1. Build a culture of business accountability – Establish a regular, automated process for business managers to review access, which establishes a culture of accountability.
  2. Focus on policy alignment – IT and business managers must collaborate on policy alignment to ensure that controls are designed and implemented correctly.
  3. Make transparency a priority – Provide business managers with business-oriented user interfaces, glossaries and help facilities that turn IT data into business intelligence to facilitate good decisions and effective oversight.

As your company involves more business users, we want to help you succeed. If there are specific topics you’d like us to provide more advice on, please leave a comment and we’ll address them in future posts. We’ll also be hosting a customer best practices session at next month’s Gartner IAM Summit, where a customer will discuss the value of taking a business-driven approach to identity governance.

I believe the shift toward more business involvement is a positive one for the IdM industry. It will help companies better address security and compliance requirements, and create more visibility with executive management. It’s an exciting evolution in the market, and I’m looking forward to next year!