When It Comes to IAM, the Simple Things Can Ruin Your Day

Identity and access management (IAM) is often reserved for large strategic projects such as governance, enterprise provisioning, or privileged account management. Without question, those things are very important and deserve the attention, budget and effort they get.

But there is another whole layer of IAM, one that falls more to the tactical, day-to-day tedium of simply enabling users to get to the systems and applications they need to do their jobs. Most organizations attack these IAM tasks as simply part of daily IT operations, without any conscious consideration that what they are doing is fundamentally IAM. But anyone who’s been doing IAM for any amount of time, knows that it’s all about the basics: giving users the access to the things they need to do their jobs and doing it in a manner that reduces risk and promotes security.

The road to governance, or privileged management, or provisioning success is littered with the smoldering remains of failed directory management, or single sign-on, or password management, or authentication projects. These “tactical” IAM projects are where the majority of effort is typically targeted, the majority of budget goes, and the highest visibility for the regular folks that IAM must serve exists. Think about it, if you can’t get to your stuff it doesn’t matter how cool your company’s governance or PAM solution is.

In reality though, you can’t even think about governance if simple access control is a mess. Is there anything that is a bigger waste of IT time than password resets?

If you’ve followed my blog posts you know I’ve got this theory of IAM being equated to Maslow’s Hierarchy of Human needs.

I think that the path to IAM “self-actualization” runs directly through access, security, control, and management. And those are the “boring”, “old fashion”, “tactical” projects that, in reality, require the most IAM time and effort.

It follows that struggling with access management inevitably results in a failure to achieve governance. Conversely, organizations that get access management right are much more likely to find governance success.

We have been helping organizations with all types of IAM, across all levels of the hierarchy for years. And we’ve seen both successes and failures. Through all of that experience, there are several common themes and proven best practices that can help an access management project (whatever form it may take) successfully lay the foundation for future governance success.

I’ve written an eBook called Future-proofing Your Tactical IAM Projects that details those lessons and is designed to ensure that your project doesn’t lay smoking on the side of the road.

If you would like a more detailed discussion of the topic of access management and the many facets of these projects, download our other eBook Identity and Access Management for the Real World: Access Management.