The “Why” In Identity
Orrstown Bank leverages the power of identity to streamline manual processes and scale their business. Humana harnesses the power of identity to better manage 55,000 users across 2,700 roles. Molina Healthcare utilizes the power of identity to strike the balance between security and convenience for their 20,000 employees.
Companies find the “why” in identity when they realize that by solving one pain-point they could kill two, three or four proverbial birds with one stone. We’ve had customers come to us initially asking for “something to help with compliance” or “something to ease the workload on IT,” only to find identity does so much more.
Your immediate need might be to address one issue, but the long-term the goal or goals of your program should be much bigger, making it incredibly important to not be short-sighted during this process. Think about it on the scale of saving more than a million dollars, or cutting hundreds of hours annually off grueling IT processes.
These are the questions you should ask as you search for the “why” in your own identity program.
Why does the business need identity?
This is the time to do a situation analysis. This is the time to ask the hard questions. What are the biggest pain-points facing IT when it comes to addressing the question, “who has access to what?” Is it efficient onboarding? Requesting access to applications and data? Monitoring privileged user access? A slew of regulatory compliance requirements demanding to be met? All of the above? Building an identity governance program with controls to both manage and secure employee access, while also securing sensitive patient data, was put at the top of the security priority list for Integris health, for example.
What is the baseline?
Set your baseline by determining which security processes are manual, which are automated, and how long they take. This will help provide some foreshadowing for how your implementation should go once you implement an identity program. Orrstown Bank began their identity journey by pinpointing the highest-risk and most complex areas of their technology stack. Now we even have the Identity Risk Assessment to do a lot of this work for you.
Are there defined goals you want to achieve?
Now we’re to the goal-setting part of this journey. The success of the endeavor will be judged on what value it gives to the business. The key for these goals, though, is that they must be clearly measurable and tangible. Simply “increasing the efficiency of the business” isn’t enough. Take the quantitative and qualitative data you collected in the first two steps to make your business case.
So now it’s your turn. Why do you do identity?