Reduce Identity and Access Management Risks with a Holistic Needs Assessment

Reduce Identity and Access Management Risks with a Holistic Needs Assessment

Assess technology and business needs.

I’d like to think that I can figure out just about anything with technology, but from time to time I have to step back and think if my fresh research on a topic would truly be comprehensive enough to solve the organizational problem at hand. This is even more relevant in today’s age of technology where you must be able to understand the business side of the problem just as much as the technology.

This leads me to thinking about IT projects and the critical need to really nail down the initial phases of the project or suffer later in the project with scope creep and cost overruns because requirements were inaccurate. In the past, I was always willing to dive in and figure out requirements and solutions without involving outsiders. I still feel this is possible for strong IT leaders who are willing to stay engaged throughout a project where they have expertise, but some IT projects simply can’t afford to have part-time “jack-of-all-trade” resources determining business and technology process deficiencies and corresponding solutions.

One such area is identity and access management strategic initiatives, which continue to have a not-so-perfect track record of delivering on promises. So many variables can creep into an IAM project to make it fail. Even if all processes and technology choices are identified perfectly, the project can still fail because the phasing and release of solutions is wrong for the organization. If an organization is not ready for the change, improper sequencing can derail efforts and snowball into a completely different beast.

So where am I heading with this? Basically, for some projects there is value to call in external help to get that expert view of where you stand today and what is needed to help you realize your vision. IAM and other Information Security and governmental cyber security projects are definitely key areas that are aided by an external view.

The best partners in this space are NOT the big consulting firms who throw recent college graduates or lower-skilled resources at your problem. Focus on finding a partner who is a true identity and access management expert who understands all aspects of the problem. If you do not do this, you run the risk of spending thousands and maybe hundreds of thousands of dollars more on the project when it is discovered that minor details were missed which turn into considerable rework.

An initial expert assessment of technology and business needs prior to kicking off a full project can dramatically reduce risk in these tricky project areas. For IAM, a holistic identity lifecycle assessment can provide valuable information to help drive the actual IAM project. The investment upfront is recouped during the requirements gathering phase where most of the process and technology research has been provided within the assessment. Plus, the results of these assessments can be leveraged to actually sell your case for funding the project. Executive leadership will often respect external views that are framed with risk in mind, and provide support when you need it when they realize IAM can improve business operations.

Whether you are focused on IAM, an ERP implementation or supply chain enhancements, spend time upfront to ensure you truly understand your problems. Bring in niche experts to help you gain confidence and to map out the strategy to success and don’t expect a standard Business Analyst or other consultant to be able to truly think through these unique concepts. You will only set yourself up for failure which can be costly for both you and your organization.

Follow Ryan Ward, Avatier Chief Innovation Officer and Chief Information Security Officer, on Twitter at

To learn more about Avatier’s identity management solutions watch the Gwinnett Medical Center user provisioning and password reset case customer case study.

identity management analysts white paper. Get the Free KuppingerCole Identity Management Analyst White Paper

Learn the role IT automation and business driven self-service administration play in creating lean operations. KuppingerCole’s Assignment Management — Think Beyond Access describes the shift in IT operations from tightly controlled identity management processes to workflow enabled administration.

Request the White Paper

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).