Navigate ’17 Day One: Identity Management Fuels Digital Transformation
If anything became clear to me as I attended the various breakout sessions, keynotes, and spoke with Navigate ’17 attendees is that identity management – getting identity management done right – is crucial to digital transformation success.
When I first started covering enterprise identity management, way back in the days when names like Oblix and Waveset were in the news, it was primarily about provisioning internal users to IT resources and the beginning of managing web access. Back then identity management was a topic discussed only at security conferences, and managed by a few folks from deep within the IT department. Getting provisioning and identity management right in those days was important, to be sure, but it didn’t mean the difference between the success, or failure, of the business. At least not as quickly.
Today, I’m not so sure. Today, the entire business is digital, and if it isn’t it will be soon – or it’s a business that very well may not survive. This is why businesses everywhere in virtually all industries are working feverishly to digitally transform all of their business processes from their supply chains, how their staff collaborates, the web and cloud efforts, to DevOps and continuous integration/delivery efforts. It is about speed and market agility.
Last summer, research firm IDC conducted a survey that found 72 percent of enterprises believe that it is critical or very important for an organization to modify IT processes and resources to support a digital business model. And it’s why, today, identity management has moved from IT backroom to the fuel that enables successful long-term digital transformation.
That was made clear today with customers sharing their stories about how they are not only more successfully managing user access to the resources they need to do their jobs, but how many organizations have their business leadership squarely behind their identity management efforts. And not just to meet barebones regulatory compliance mandates, but by making the necessary investments in identity that it becomes strategic in making an organization more agile.
Andy Weeks and Tina Timmerman’s presentation Implementing Role-based Access Control with Humana: An Enterprise Journey drove this home. Weeks, director of EIP Access Management at Humana Inc., listed the business opportunity of their RBAC efforts. Solving audit and compliance exposures ranked high, as always. So did driving down unit costs and streamlining operational processes, not surprisingly. But also ranked high as a motivation for their efforts was creating exceptional customer experiences and the ability to move at the pace of the business.
Outside of promises within sales and vendor conference presentations, these motivations were largely unheard of a handful of years ago. And, while the payoff doesn’t always come easily, as Weeks explained, the business transformation as a result of the effort is worth it.
But implementing identity doesn’t always have to be a heavy lift, as Mark Routh senior manager with Western Union’s information security organization detailed in his talk, Successful SailPoint Implementations with Western Union benefits can come swiftly. Western Union was able to connect 85 applications within six months of beginning their SailPoint implementation.
Western Union had set ambitious goals for itself: replace their identity management system in a year, reduce operating costs, migrate 617 applications from their legacy system, all without disrupting any business processes. And, oh yeah, do it in one year, which they accomplished.
That’s certainly rapid transformation. Routh listed some things they did right, and some lessons learned along the way. Things Western Union’s security team did right in their deployment included picking the right partner to help with their identity implementation, conducting a phased implementation, planning the app rollout ahead of time, and good communications with their internal teams and external customers. Some lessons learned? Routh regretted they hadn’t established a disaster recovery environment prior to completing the migration. Additionally, Routh said if they were to do it over again we would have thought through a contingency plan in the event we didn’t accomplish the program goals.
Nothing worthwhile ever comes easy, and sharing such lessons learned so that others can more efficiently digitally transform their organizations is one of the great things about conferences such as Navigate.