Part 3 of 3: IAM Lessons Learned Series: Measuring Success and Moving Ahead

Today’s blog is the final installment of the 3-part series in which I share tips and best practices we’ve learned along the way in our enterprise IAM deployments here at SailPoint. Before we jump, here’s a quick recap of the first two posts in the services. In the first article, I offered some best practices for building your identity management project team – a key first step in every project. Then, in part two, I outlined lessons learned for defining your Identity Management project scope, highlighting the need to break down projects into small “quick wins.”

Once you have the team and your project scope ready to roll, the next crucial step is to stay focused on goals and measuring your successes and adjusting as needed as you proceed. A common challenge I have seen time and time again with enterprise IAM projects is a myopic focus on the next deliverable. To be successful, teams must keep the long-term goals and objectives established in the planning phase in mind as they make decisions and navigate the inevitable roadblocks that will arise during the project. One of the most effective ways to do this is to regularly report victories (and setbacks) to the list of stakeholders we discussed in the first blog. As you execute against your project plan here is a list of things that will help you keep the big picture in mind and visible to the rest of the organization:

Celebrate the quick wins
One of the best ways to start off a project is by firmly establishing confidence with your stakeholders. Work with your project management committee to identify several small early accomplishments that will get the team off to a good start and ensure ongoing adoption and support for subsequent phases. As the team completes each milestone, provide visibility to those quick wins across the organization by highlighting the value achieved – whether that’s increased operational efficiency, reduced costs, or improved risk posture.

Focus on the business
Since the line of business should be one of the primary stakeholders in every IAM project, you should pay particular attention to their needs as you select and implement an IAM solution. The focus should be to make business users self-sufficient across a wide variety of provisioning, access request, SSO, and compliance processes. For example, when business users are able to perform compliance tasks without relying upon IT, there is an immediate positive effect on the efficiency and cost-effectiveness of the overall IAM effort. By implementing a solution that incorporates business context into the technical IT data, organizations enable business users to make better decisions, reducing the chance for errors, and ultimately, minimizing risk across the enterprise.

Use metrics and data to reinforce value
In today’s cost-conscious world, every dollar counts, and IAM projects generally require both upfront and ongoing funding. Making sure everyone understands just how much more effective a new compliance, provisioning or access management process is compared to a previous one can be very useful in maintaining a high level of support over the duration of the project. The most effective way to accomplish this is to ensure that your reporting is metrics-driven. You have to start early to be effective with this approach. To get started, you should establish the current “cost” of IAM processes before the project begins. This provides the baseline against which your short- and long-term successes will be measured. Then, as you complete each phase of your project, you can calculate the benefits derived from implementing new IAM systems and processes.

And that wraps up this first series on lessons learned from enterprise IAM deployments. As we learn more from our customer successes, we’ll be sure to share with you how they define and achieve success implementing SailPoint’s IAM products.