IAM Myth: Identity Solution Deployment Project
An identity solution is easy to acquire: buy a popular product or SaaS service, hire a bunch of consultants to configure it, and it is done. Problem solved.
Oh my. This is all wrong. It … does not work like this.
Project
First and foremost: identity is not a project.
Certainly, deployment of identity technologies usually has a starting date. However, it does not have an end date. Identity solutions are never finished. They are never finished because they need to fit an environment that is changing all the time. Your organization is changing: people, organizational structure, work responsibilities, policies - they all change over time. External requirements are changing: cybersecurity legislation, standards, best practices. A classic cybersecurity saying is that attacks are always getting better, they never get worse. Security requirements are constantly increasing. As identity is at the very heart of cybersecurity, your solution must be able to keep pace. Your understanding of identity technologies is going to evolve as well. As your understanding grows, you begin to see the potential and new opportunities. You yourself will want to use the system to increase automation, to reduce mundane work, and to automate governance, oversight and regulatory compliance. Identity is always evolving. It cannot be "done". It does not fit into a project.
If you think about identity as a project, you are making a mistake - a very expensive mistake at that. The cost that you have paid for a project is not the final number. You have to be prepared to pay that cost over and over again.
This applies to all sorts of identity technologies: access management (AM), repositories, federation, authentication, … but first and foremost it applies to identity governance and administration (IGA).
Program
An identity solution must be built and maintained. It must be able to evolve. It has to grow, slowly and organically.
This does not mean you have to abandon all sense of control or oversight. Quite the contrary. You have to stay in control: prepare plans, define scope, set milestones and deadlines. However, be prepared to proceed in iterations, each iteration incrementally improving the solution. As the effort proceeds, the iterations may get shorter or longer, depending on your needs. However, the effort never really ends. This is not a project, it is a long-term program.
If you cannot do it yourself, find a partner that understands identity. Such a partner would propose a complete program to you, not just a one-off project. As with many other things in life, long-term sustainable cooperation is key to success.
Involvement
An identity solution cannot be bought. Money is not enough. There needs to be something else as well. You need to get your hands dirty.
An identity solution must be a good fit for your organization. It works with identities after all: people, roles, organizational units, policies - these are very specific to your organization. This is the core that makes your organization unique, this brings the value, this is what your organization is. Even the best external identity expert cannot work efficiently without knowledge about your organization. Only you can provide that knowledge. Efficient identity programs are always a cooperation of identity expertise and organizational knowledge. If either of these is missing, no amount of effort or money will be enough.
You might be tempted to rely on artificial intelligence (AI) to provide the missing part. Certainly, AI can provide a substantial boost in many areas, including identity deployments. However, AI will not replace your intelligence. Your knowledge, skills and experience are still needed.
First Steps
The prospect of an identity program that never ends may look daunting. However, it is not scary at all as long as it is well prepared and properly managed. Once the program is started, it pretty much guides itself along the way. Perhaps the most difficult part is the beginning. Therefore, we have prepared a methodology to guide your first steps. This methodology is designed to be used with midPoint; however, it can be adapted to other IGA systems as well. Also, as you might have already guessed, IGA is a very good starting point for an identity program.