The Hierarchy of IAM Needs

I wrote an article that appeared in VentureBeat. In this article I compared the principles of privileged account management to Maslow’s Hierarchy of Needs that we all know and love from Psychology 101. In a nutshell, I proposed that it was time that the securing of administrator access and privileged accounts finally moved from the mundane (but necessary) access, security, and control tasks into the more strategic (and more valuable) management and governance areas.

But this idea isn’t limited to privileged account management. It really can be applied to any area of IAM. Here’s what my hierarchy looks like, next to Maslow’s.


“So what does this have to do with me?” you may ask. Think about your IAM projects. Where do they each reside on this hierarchy? Where do you ultimately want them to end up? I would argue that the purpose of everything we do in IAM is to get to a governed stance, but a vast majority of the investment and effort put into IAM is bogged down at lower levels. But it doesn’t have to be.

Approaching any IAM project – whether it be provisioning, single sign-on, password management, privileged account management, attestation or recertification, access request and fulfillment, or whatever you may be dealing with today – with an eye towards governance will remove many of the barriers that traditionally make IAM so difficult.

So, from an actionable, real-world standpoint, here are a few ideas to ponder:

  1. Ask yourself, “Does this solution or this approach enable my business, or does it simply plug the leak of the day?”
  2. Approach every project with a view towards flexibility and increasing simplicity – avoid adding solutions if that solution only addresses one small part of the bigger problem or is only relevant on a small portion of your enterprise or a subset of your user population.
  3. Make governance tasks – provisioning, attestation or recertification, and audit – the theme that runs through everything. Ask yourself, “Does this solution require me to duplicate efforts?” “Does it rely on IT for things that are really the responsibility of the line-of-business?” And, “Is it making things simpler or more complex?”
  4. Where am I going to go to address the next IAM challenge that I haven’t even thought of yet? Obviously, I would recommend choosing a partner with a comprehensive IAM offering that is business-driven, modular and integrated, and above all provides a path to governance regardless of the type of solution it is.

I would argue that only the One Identity family of solutions adequately addresses all four and takes into account the ultimate goal of everything we do in IAM – governance.

Anonymous