January 27, 2017

The desire for an enterprise to be secure is an easy thing to imagine. There is an untold volume of sensitive information that they need to keep their business running. Source code. Personal employee and customer data. Financial information. Competitive analysis. The list goes on.

But organizations also have a responsibility towards their employees to make their jobs as efficient as possible. This means looking at the bottlenecks of processes and resolving issues that halt productivity. But keeping the enterprise secure and allowing the flexibility employees need in order to do their jobs is a difficult balance. This is one of many cases where organizations turn to identity management to help.

Where Do You Start?

At the beginning of this millennia, when the Internet was just beginning to become a daily part of our lives and a second phone line at your house was a godsend, cybersecurity as we know it today hadn’t yet come to fruition. Most security processes were set around increasing the efficiency of the organization.

For Weight Watchers, one of the initial identity management catalysts was the move away from manual regulatory compliance management efforts. “From a compliance perspective, collecting your data and validating your processes manually is not the place you really want to be,” said Paul De Graaff, head of security and compliance at Weight Watchers.

Building the Case for Identity

Often, organizations – and those in the lead – don’t ask for an “identity governance” solution. They ask for something to help with compliance and audit efforts. Or to reduce the costs of the helpdesk. Or to help employees be more productive. While security of important applications and data is more than likely always on the mind, it may not be known that a proper identity implementation can help with all these things.

In order to find where the most pressing issues lie and then build the case for identity in an organization, several steps must be followed.

Find what the business needs.

The first step must always be to find the root cause of what the identity solution is being implemented to solve. No two organizations are the same, and they each need their own investigation as to what is the most important pain point and how far the solution needs to be integrated into the current systems to solve that pain point (as well as the other frustrations and issues the organization is experiencing).

Determine the baseline.

Once the needs are documented, it’s time to write out the whole process of what happens and where the spots are that need rectified. Create a map of which security processes are manual, which are automated, how long they take, etc. This will help to not only figure out the current status of the organization, but will facilitate the future implementation of the identity management  solution.

Set goals.

No plan is complete without metrics and goals. The first two steps are on what the rest of the implementation will be based, but the success of the endeavor will be judged on what value it gives to the business. The key for these goals, though, is that they must be clearly measurable and tangible. Simply “increasing the efficiency of the business” isn’t enough; statistics and values must be given. This is another reason why the first two steps are of such importance.

Create the financial model.

Each organization – and its executives – wants a particular version of financials that make sense for them: projects can be valued based on how quickly the investment is paid back in terms of time or funds. The key for success is to put the financial model of the identity management business case in the metrics the organization uses most, and expound those metrics in every way the identity solution will help the business.

The Power of Identity

Enterprises may implement identity into their security infrastructure from a need to fix a problem, and it may solve a great deal of them, but the fact is that identity governance can actually empower the business. Identity – when implemented properly and with the right support – allows organizations to strike the correct balance between security and flexibility, and let the business do what it set out to do in the first place: grow.

For instance, while the SSO dashboard that was originally implemented to help employees log into the system, applications and data stores they need to do their jobs, it is now part of the full suite of governance capabilities. Rather than just ease login frustrations, the full identity platform is now helping with compliance and audit efforts, managing identities and mitigating risk across the entire enterprise.

Compliance is a never-ending chore. Identity automates it, and we are saving a significant amount of time and money – and improving accuracy.

— CISO, Major Financial Institution

Best of all, each system is integrated with one another so that IT has full visibility into their systems to ensure policies are followed, violations are prevented and notifications can be sent to the appropriate parties when needed. Now armed with all the information, IT can make the right decisions to better protect the organization. Automation in the identity governance platform ensures that some risks are mitigated before they become real issues. Rather than complicating matters, identity has empowered the business to be both secure with its sensitive data, but also flexible enough to let its users work how (and where) they like to work.


While organizations may have begun their identity governance path with solving a particular issue, the complications that can arise from improper implementation and insufficient support can often cause more problems than it fixes. The security and confidence that comes from a true identity governance solution allows today’s modern enterprises to focus instead on what really matters. Chase opportunities. Innovate with products. Expand to new geographies. Gain a larger competitive advantage. These reasons are why you do identity. Learn More.

Find out how SailPoint can help your organization.

*required field