When we talk about a strategic IDAM solution in inception, upgrade or replacement – we talk about the big messy organically grown Directories and how they should be well structured, and all Container nestings should be considered, the Address Lists floating around in various countries be synched somehow, what is now redundant should be culled.
We also talk about bolt on products – if Dell or FIM or NetIQ are good at Identity Management – Ping is great at federation. This, the product selection, is part of the big strategy picture but shouldn’t be evaluated in isolation and further into this article we discuss other considerations.
Do organisations think of IDAM system as an afterthought? SharePoint and TRIM projects, Directory strategy and BizTalk/MuleSoft integration projects take off much sooner with much greater Board room support.
The rapid pace of product releases and variations amongst competitors is another concern for strategizing – Microsoft has had 4-5 IDAM products (not just a major version of the product) in 10 years and Oracle IM is considered clunky, FIM does Certificate management but ping doesn’t in a big way.
Another consideration is Maintenance and Support – It is a concern all around. For Open Source systems, the concern is reliability of support and for Global giants the concern is a trade-off – being forced upon an upgrade/new release in exchange for ‘trusted reliable product support’.
Mix and match, consider and factor-in and factor-out; but what and by how much?
Perhaps the answers lie in a well thought out strategy:
Build an IDAM Strategy
Despite all of our best intentions, our experience shows that even the short term success of a IDAM solution is going to be a challenge without a sound IDAM strategy The old adage that ‘everything in IT is old in 1 year’ does not have to be true! Strategy to integrate the best of breed products, an IDAM timeline, acknowledge stakeholders and quality, consider subscription models for IDAM, consider cloud ready vs on premise vs hybrid.
Best of Breed
Identity lifecycle management tool, something which integrates with a widely used standard e.g. SAML or WS-Fed, reconciles identities, 2/3FA; get a separate product for federation, a separate one for Remote access (Citrix for e.g.), separate bolt on for granular application level access control.
Invest for long term
Cost and budgeting: Cost for long term thinking and that doesn’t always mean expensive – think of an IDAM solution as the account and access management backbone of all of your services – SharePoint applications and intranet portal, Office applications, partner applications hanging off ADLDS/claims based applications, SSO, HR systems. If something touches so many systems across your organisation – it must be important!
IDAM is for everyone; for all parts of the Business
IDAM is not only for big companies or certain kinds of businesses; it’s for everyone – granted it doesn’t make sense to have a full scale implementation of Dell/NetIQ/FIM for a 20 people company but there are so many small and/or free mini IDAM products out there which can get an organisation up and running quickly. At the very least it will provide Identity lifecycle management and some application integration.
Think Specialists, not generalists
Don’t get any IT person to do IDAM, instead get specialists IDAM architects, system integrators and consultants to design, build, support, enhance and manage identity products and data. Likewise, don’t generalise your IDAM specialists by getting them to manage your infrastructure (Stingrays, ESX hosts and VMware) or platforms (SharePoint).
Identity and access management is for Human resources, for Application systems, for maintainability and the employee, partner, customer Identity lifecycle management. Get your IDAM strategy right, don’t make it an afterthought and think long term investment!