Straight From-The-Trenches Advice For A Successful IdentityNow Deployment
About a year ago, Terry Garbo, senior information security engineer, decided to find a way to cut costs associated with service desk calls in his organization. He decided, with better identity governance, he’d help staff to manage their password resets.
“My goal for us to work smarter would be to eliminate those service desk calls and empower users to be able to manage their accounts. And I knew we’d save money in the process,” Garbo said. He was right. After a successful IdentityNow deployment, Garbo learned the first-year savings would be over $800,000, and, after privileged accounts were incorporated, those savings could go over $1 million.
Garbo shared many lessons he learned during his deployment – lessons that will help others be successful, too.
Maintain good lines of communication throughout the organization.
Garbo explained how the identity team kept everyone throughout the organization up to date; from the CEO down throughout the organization, everyone knew what changes were on their way. While the CEO and executives received abbreviated updates, because they were already briefed on the initiative, the end users received instructions with incredible detail and everything they needed to know to become registered and running. Garbo said effective communication was essential to their success.
For the first two weeks, Garbo sent out a quick IdentityNow update at 4 p.m. daily. His leadership wanted stats, he said. How many people registered? How many people are pending? Those figures he easily pulled from IdentityNow reports.
Work closely with information security.
It’s important to work with the security team to make sure the effort is done securely, he explained. Proper white- and black-listing of malicious IP addresses and block ranges where users will never register from can enhance security. For instance, IdentityNow can be configured to block people, block ranges, IP branches and countries. For example, if all users will be based in the United States, it may be reasonable to block all other country domains. Also, so that there aren’t any issues or communication breakdowns, it’s important that the security team knows what policies are in place.
Work with Customer Success Manager.
Always communicate with your customer success manager weekly, or more, and integrate him or her into your workflow. “When you engage with your customer success manager, your success is their success. They don’t want failure, you don’t want failure, and they’re going to do everything that they can to make sure you’re on the straight and narrow and keep things on track,” he said.
Make sure to budget for training.
When deploying an identity management platform, an organization is making a significant investment into the efficiency and security of the organization, and it’s important to make sure staff understand how to use and benefit from the system and that IT teams can effectively manage it. “You need to have people who are trained, qualified, in the day-to-day operation, care, and feeding of the products. Make sure the people responsible can maintain the toolsets,” he said.
Utilize templates made available.
IdentityNow provides templates that have been created to help expedite deployment. Garbo recommends that organizations use and customize these templates for their organization. “If the system looks and feels like it’s coming from your organization, users will be more apt to act appropriately and not delete or ignore,” he said.
Make certain to cross-train teammates.
It’s essential, whether because of an unexpected illness or someone leaving an organization, to have multiple people capable of managing the identity management efforts. That requires good cross-training efforts. Garbo recommends that, at a minimum, someone is aware of everything that the lead project manager knows and is doing. Knowledge sharing is key. Don’t keep secrets.
Consider going out to meet with remote offices.
It’s important to get out and listen to the various business units, said Garbo. Garbo explained how he listened to the actual users and heard how the identity program was working for them. During his road trip, Garbo said he also took the opportunity to speak with senior supervisors and trained them on the processes, so they could train others.
“Every organization is different, but I found these lessons to be important for success,” Garbo said.