There are many reasons why organizations begin their identity management programs. For some, it’s about reducing the costly manual processes associated with onboarding, managing, and de-provisioning end users. For others, it’s about more effectively managing regulatory compliance demands and improving security. Almost everyone cites improved user experience as a top motivation to automate provisioning, identity management, and move to single sign-on.
For Weight Watchers, one of the initial identity management catalysts was the move away from manual regulatory compliance management efforts. “From a compliance perspective, collecting your data and validating your processes manually is not the place you really want to be,” said Paul De Graaff, head of security and compliance at Weight Watchers. Weight Watchers also recently on-boarded 12,000 Google Apps users: “Doing that manually did not seem like the fun thing to do,” he said.
For the VP of identity and access management at a major banking organization, the initial driver for their identity management program was compliance, user certification, and the improvement of their user experience.
While panelists cited the benefits improved user experience, automating away time consuming manual processes, and improved security, business leaders such as the board of directors have taken notice, too, when it comes to identity management. And when boards do so, they help drive forward enterprise-wide identity management efforts to improve corporate governance, the panelists said.
For Humana, explained Andy Weeks, director of enterprise access at the healthcare insurance provider, the initial identity management efforts were focused on gaining operational efficiencies and improving security. But that was challenging at first, without senior leadership support, because it was an effort being managed solely from the security team. “That is a tough road to go,” Weeks said. That changed over time, he said, as the entire health insurance industry began to pay more attention to identity and access management as a strategy to manage enterprise security. “We have board level support, and the board made this [Identity] a priority. That top down mandate, plus the bottom up [operational] benefits we were experiencing from identity and access management made it much easier to drive our ongoing identity efforts,” Weeks said.
Greg Duff, VP of infrastructure services for GM Financial also witnessed grass-roots benefits through automation, and by moving identity management out of spreadsheets and away from cumbersome manual processes. That changed for the organization as Sarbanes-Oxley did for so many organizations and crystalized leadership’s attention toward compliance. “Now we have a team of people working on certification, business rules, and other aspects of identity management,” he said.
While big security breaches and sweeping regulatory mandates can shift executive focus to identity management for a short time, the commitment doesn’t always remain steady. How do organizations keep that commitment? Duff did it by focusing on the bottom-line: “We showed the return on investment. When they see that it costs $8 to manually provision someone verses $1 for automation, which speaks clearly to the value of automation,” he said.
In the year ahead, the panelists hope to continue building on their efforts. Duff said he will continue to espouse the value of identity management within the organization and remind executives why it’s so important to business success. “Single sign-on will be another big priority, as will removing extra logins, and securing unstructured data,” Duff said.
For the VP of identity and access management from the major banking organization on the panel, he wants to certify every application at the financial services firm, as well as continue to educate the entire organization about the value of identity management and tighten the integration of their provisioning and access management efforts.
For many of the other panelists, the year ahead will be forging forward with their cloud and mobile strategies. Identity is pivotal in those efforts, panels said. When it comes to completing the shift to cloud, Weight Watcher’s is almost there, explained De Graaff. “We are cloud first. And by the end of the year we may have some storage left on-premises, and with this move we needed the ability to extend identities into the cloud,” he said.
GM Financial, which has a hybrid cloud and on-premises environment said that there isn’t any significant difference when it comes to managing cloud identity. “Our security team has a lot of policies about what can be done in the cloud, and what can’t, and we have a lot of controls in place for that. For our team, we don’t see cloud as being anything different than any other app in the environment. We treat it like any other application,” he said.