ITSM Solutions and IAM Solutions Are Not Mutually Exclusive

ITSM Solutions and IAM Solutions Are Not Mutually Exclusive

At last an ITSM IAM shopping cart.

As ITSM professionals soak up the knowledge from ServiceNow’s Knowledge14 conference, it is interesting to see how the service management and identity management worlds are beginning to converge. Gone are the days when IT solutions only addressed specific target capabilities without meeting an organization’s greater needs. Now, identity management capabilities and service catalog capabilities are addressing similar needs in similar ways when it comes to requests of users.

There is a reason I am focusing on the term “Request” when I speak about what users may need in their daily business lives. ITSM solutions do provide excellent value when it comes to non-request interaction from users. Specifically, “Incidents” are tailor-made for an ITSM tool because the broader ITSM solution integrates with so many of the other ITIL-focused components that it only makes sense to keep these incidents/tickets within ITSM software. However, for dealing with day-to-day requests of services, software, assets and anything else, ITSM falls a little short.

The Evolution of IAM Solutions

On one hand, an “identity” faces many needs throughout their life at a company, and most of these needs come to life through the form of some type of request. Most commonly, these include requests for access, services and assets. However, a business user “Request” can be much broader than the traditional ITSM definition of an IT-related service request, and organizations are realizing that the old-school service catalog of the past simply isn’t cutting it anymore. Unfortunately, even the latest service catalog solutions are still awkward to use and not readily embraced by the business community. If people do not use a solution, or truly embrace the solution, it will be seen as a failure and its benefits will not be fully realized.

On the other hand, legacy identity and access management (IAM) solutions were primarily focused on only access requests with an often outdated, and technical user interface. These legacy solutions were never even considered as a service catalog solution, but the latest identity and access governance solutions, such as Avatier’s AIMS solution, provide both service catalog and identity management automation with an easy-to-use shopping cart interface. Now, these types of identity management solutions can truly be an alternative to address every request a user might have, and the integration frameworks of IAM tools allow for full automation of many requests. Plus, service management professionals already embrace IAM password management solutions, so expanding IAM into broader service management arenas is a natural trend.

IAM Solutions Redefined

Therefore, what I am proposing is a clear division of what should be placed in an ITSM solution vs. an IAM solution. The ultimate solution to this problem is to let the ITSM software manage all Incidents, while IAM software handles all Requests. The end-result will be greater automation, more productive users and lower costs.

          REQUEST = Identity and Access Management
          INCIDENT = Information Technology Service Management

People request services from all areas of the organization, and many of these requests can now be automated through open APIs of the various applications in use throughout the business today. What system provides connectors and automation capabilities to help manage identities? You guessed it, identity and access management solutions. The latest identity and access governance solutions are built with simplicity and intuitive interfaces that mimic real-world request systems that users are already familiar with from their daily interaction on the Internet. I am referring to sites like Amazon, eBay or anything leveraging a shopping cart mentality. Workers understand the Internet shopping process so they easily adapt to that same mindset when business applications follow the same mold.

Service Catalog IAM Solutions

With the advent of more user-friendly identity and access management solutions today, IAM is actually better positioned to provide expanded service catalog capabilities than IT-focused ITSM service catalogs. IAM solutions can even open tickets to ITSM ticketing systems so the same interface can actually be used for all the request and issue needs of a user. A single-stop shop for employee needs is a huge win as it reduces training and simplifies the landscape of end-user corporate tools.

As always, you should think innovatively about the technology solutions available to you because one solution branded for one capability might just serve a greater need if you use it in an innovative fashion. Identity and Access Management might just be the key to improving service management. Service catalog IAM solutions will make your users more effective and increase automation at the same time.

IT Service Catalog Best PracticesGet the Free Top 10 IT Service Catalog Best Practices Workbook

A successful Service Catalog roll-out requires careful planning, strategic decision-making and innovation. Before you start your IT service catalog initiative, learn from industry experts. Sidestep challenges that derail projects. Get our Top 10 Service Catalog Best Practices — The proven guide for successful implementations.

Request the Workbook

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts.Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).