What do IAM and "making whoopee” have in common?

During the summer between my eighth and ninth grade years, I worked at the local elementary school as a janitor. My job, along with one other kid was to clean the school from top to bottom to get it ready for the next school year. It seemed like the majority of the summer was spent washing desks and chairs. This other kid and I discovered that our keys worked on the school library, so we wheeled out the color TV and, while we scraped gum off of the underside of desks and chairs, we watched whatever was on the three broadcast networks or PBS. So we ended up watching a lot of soap operas, talk shows (Mike Douglas anyone?), and game shows.

We discovered a game show called Match Game (I guess this would have been Match Game 77 or 78) and it quickly became our guilty pleasure. If my mom had known I was watching this irreverent, and slightly proactive (at least for a 14 year old) show, I’m sure she would have demanded I quit the job, or promise to only watch the PBS channels while at work.

Match Game was hosted by Gene Rayburn and involved a panel of six celebrities (I assume they were celebrities, but I only ever saw them on this show) who would try to match their answers with those provided by the two contestants. The questions were always formed as a fill-in-the-blank question that left lots of room for off-color answers and double entendre:

“Johnny always put butter on his                           “

“Did you catch a glimpse of that girl on the corner? She has the world’s biggest         “

“Whenever our family goes to the church picnic, our favorite activity is                                    “

As you can imagine, hilarity often ensued.

Invariably, if given the opportunity, mainstay “celebrities” Brett Summers, Nipsy Russell, and Charles Nelson Riley, would use the “making whoopee” answer, which was sure to elicit uncontrolled laughter from the audience, and blushes from a pair of 14 year old janitors.

So what does this have to do with identity and access management?

We recently contracted a through survey of companies with more than 1,000 employees across a wide range of geographies and industries. The questions focused on those companies’ current approaches, future plans, and challenges with IAM. One question in particular seemed ideally suited for the Match Game treatment.

“My most pressing and immediate IAM need is                                         “

To my disappointment, “making whoopee” was a statistically insignificant answer, but the real answers from these real organizations revealed some interesting results. From the most popular answer to the least, respondents said:

  1. Securing mobile users and BYOD (21%)
  2. Removing the risk of users having inappropriate rights (20%)
  3. Satisfying audit and compliance needs (19%)
  4. Eliminating the inefficiency of users having multiple passwords (15%)
  5. Making provisioning and de-provisioning more efficient (13%)
  6. Locking down privileged accounts and administrator activities (12%)

That’s only a nine percent difference between the most common need and the least common. By diving a little deeper into the possible reasons people selected the answer they did, I see two drivers at play at virtually every IAM project.

First, there is a compelling need to make sure that the right people have the right access to the right resources in the right way and that all that stuff is done right. Basically access control and governance over access is driving the largest number of IAM projects. That makes sense.

Second, there is an undercurrent of trying to accomplish access control and governance in the most efficient manner possible.

So why is this all so hard? I think it boils down to the way IAM has traditionally been addressed. Going back ten years of so, IAM was all about custom-building solutions to address the unique access needs of each organization and their unique user populations. For a long time that was the only way it could be done. But it invariably resulted in bloated IAM projects that ran way over budget, never reached conclusion, and required myriad point solutions to plug the holes. IAM becomes more complex and more of a barrier to business agility than an enabler.

That was then, this is now.

Solutions exist today (and I’ll use the Dell One Identity family of IAM solutions as an example) that provide all the access control necessary, but do so in a manner that actually simplifies things, delivers rapid time to value, does not lock the organization into a rigid, expensive, and limited technology framework, and can easily expand and adjust as needs change.

So if securing user or administrator access is on your radar. Or if the current way you secure access seems to be preventing business agility, I recommend you look into the Dell One Identity family of solutions. You can learn more by reading the ebook series Identity and Access Management for the Real World.

And if I get inspired to reminisce about more adolescent game show moments, I might just blog about more survey results.