Necessary Metrics For Your Identity Management Business Case

Starting down the path of implementing identity management in your organization requires that you “sell” the program to your executives and other stakeholders who are involved. In many situations, the best cases are made by demonstrating ROI: costs either saved or reduced by increasing efficiency, lowering frustration and time wasted, and other benefits to the organization’s bottom line.

Establishing that the value of the proposed program is greater than the costs associated with it will help to get the business case approved and seen as a necessary step forward to greater organizational efficiency and security.

Based on our conversations with customer and prospects, below are some common metrics you should as you build your business case:

Compliance Efficiency

  • Reduced time to compile access certification reports
  • Reduced time to review and complete access certifications
  • Reduced time to detect and remediate access policy violations
  • Reduced time to compile audit reports

IT Operational Efficiency

  • Reduced number of help desk incidents relating to passwords
  • Reduced number of help desk incidents relating to access requests/changes
  • Quicker help desk resolution times
  • Fewer help desk escalations
  • Reduced number of access changes performed by application administrators

User Productivity

  • Quicker new hire provisioning
  • Quicker ad hoc access changes
  • Quicker approval times on change requests
  • Quicker resolution of password incidents (forgotten password, resets)

Risk Mitigation

  • Expanded access certification coverage – more applications/users
  • Quicker deprovisioning of terminated workers
  • Quicker detection and removal of orphan accounts
  • Higher number of excess privileges revoked during certifications
  • Higher number of service accounts and duplicate accounts revoked during certifications
  • Expanded number of applications with enforced password policy
  • Reduced number of passwords for users to remember via single sign-on
  • Expanded number of applications with multi-factor authentication

Of course, after building a business case, you’ll eventually need to demonstrate the results. Here’s a great case study that shows how Rockwell Automation was able to show measurable ROI tied back to their specific identity management goals.