By: Jonathan Edwards, Vice President, Business Strategy and Consulting Services, SecureITsource, Inc.
Working with many types of customers across many industries, we have found that regardless of their size or what they do, IAM maturity is a frequent topic. Companies want to know how to determine where they are in the journey, and how they will know when they’re done (Pro tip: you’re never done.).
Recognizing a good question when we see one, we investigated and found that while analysts and identity solution providers all had answers, none of the answers were the same … or even similar. That’s not to say these models were wrong, but they all had their own perspective on a topic that’s extremely complex and unique to the company deploying it.
As we reviewed industry and vendor implementation studies, one statistic really stuck out: A whopping 75 percent of all identity programs are considered a failure by their business and the users it supports. That spurred us to look further at the IAM models in existence, and in doing so, we identified a gap we thought was important to address.
All companies are different, and although the complex problem of identity will vary, there are still similarities across companies and industries. In creating our IAM Maturity Model, we took a logical approach, developed from years of experience gleaned from both successful projects and those that failed. We started at zero and eliminated all preconceived ideas to build a plan that’s helpful no matter where you are in your IAM journey.
We knew we had to build a model that assumes nothing is in place. No standards. No certifications. No identity program. Nothing. Then, we looked at our past projects and dissected them to determine what made clients successful and what we could have done better.
When we dug deeper, we discovered that there were two commonalities, the first being a functionality-based approach that focuses on automating manual processes with features offered in a product (potentially garbage in, garbage out if the processes are poor), and second, a governance-based approach that looks at building a foundation built on policies, consistency, and repeatability. While there are always variables that play a role in a program’s outcome, we have found that a governance-based approach shows a higher chance of success, and accordingly, any model we developed would follow suit.
In today’s business environment, the lines between identity types are blurred. Whether you’re talking about the customer, workforce, vendor, or robots, the need for managing each identity type is becoming increasingly similar. A workforce foundation allows an organization to move to a mature identity program over time, and because of this we wanted to ensure that our model focused solely on internal workforce identity.
Finally, when we put our CISO hat on, we recognized that it’s important to create an actionable checklist to help companies on their identity journey. There are numerous factors to consider in an IAM program, and it’s difficult to capture everything, but we wanted to create a simplified model that is consumable by everybody.
Our IAM Maturity Model is based on five categories that provide a high-level representation of the steps that must be taken on path to IAM maturity:
Each category is composed of a series of levels that represents an organization’s actual level of maturity. To be sure, this isn’t a waterfall-esque project plan, but rather a guideline on how to implement or improve your IAM strategy.
I’d encourage you to watch our latest webinar, Five Steps to Achieve Identity & Access Management Maturity, to learn more about each of the levels of IAM maturity and how we developed them. We think you’ll see that what sets our IAM Maturity Model apart is that we try to quantify (and qualify) where a company currently stands with its program. Some models are very high level, but they don’t tell you what you need to do to get from A to B. As a CISO, if I’m looking for guidance, I want a “how-to” and not just generic tasks. Our model allows organizations to see where they fit, where they are lacking and provide actionable items that help them get to the next step.
While it’s certainly possible to start on the IAM journey on your own, we always recommend bringing in the expert. An organization that understands identity can build out an agnostic roadmap, but working with a solution partner who is equally vested in your success will translate into having an executable roadmap that allows you to go to stakeholders with realistic expectations on providing value to the organization.
If you’re ready to get started, we’d love to hear from you. IAM is what we do, and your success is our success, too.
Want to know more?
Watch our latest webinar: 5 Steps to Achieve Identity & Access Management Maturity