Think Broader than the “A” in IAM Identity and Access Management

Identity and Access Management (IAM) applies to more than just accounts.

From working with various organizations, it is interesting to listen to differing perspectives about what capabilities identity and access management should encompass. Some people continue to believe that identity management only applies to accounts and access. This thinking limits operational and security improvements and ultimately leaves significant automation capabilities unrealized. My vision of identity management is much broader. Ultimately, it unifies several software solution categories to provide automation of just about everything technology-related.

Regardless of what capabilities are deployed to support identity management, information security and operational improvements are still driving factors for IAM implementations. Unfortunately, many companies dive into identity and access management projects with only security in mind, and they fail to think with a business-execution mindset. To gain the most value from these projects, they should also leverage identity management solutions for broader operational improvements. These operational improvements can span across access, integration, IT operations and more when you think innovatively.

Identity and Access Management Reconsidered

Think about it… if you want to “manage identities,” you really should be able to automate anything an identity needs to do their job. This includes granting access to a cloud software application, a service request to HR, a request to receive the latest iPhone, or any other item requested by business users. But let’s not stop there, because many day-to-day operational responsibilities should be included as well to provide a one-stop shop for identity requests.

As I will discuss later, there is no reason identity management solutions can’t take on tasks that have typically resided in other areas of IT or the business. For instance, an IT server administrator should be able to request that a VM be built and have it automatically spun up from an IAM system. Similarly, a finance person might request approval and generation of a custom report. A one-stop shop for automation requests should be the end goal of IT, and today’s identity management technology is best aligned to deliver that goal.

IAM Operational Benefits

The latest identity and access management solutions offer core features that allow for a broader definition of identity management. In fact, the architecture of existing next-generation identity management solutions is already structured to automate just about any IT-driven business capability. Let’s look at the key architecture components that enable the end-state vision of true “identity” management:

  1. Shopping cart user interface: Allows for easy browsing, searching and requesting of ANY type of item (remember, do not limit your thinking to access requests).
  2. Workflow Automation: Dynamic and easy-to-configure workflows ensure approvals are obtained from the appropriate individuals. Self-service workflow puts accountability in the hands of the business rather than IT.
  3. Auditing: Capturing data and providing reports on all workflow, administrative and execution events are critical to auditors and administrators. This information is needed to validate actions and troubleshoot incidents.
  4. Compliance Access Certifications: Access certification solutions need not be limited to access audits, although many provide only this capability. This technology can also be leveraged to validate any assignment or request tied to an identity.
  5. Connector framework: Once the system receives the request and appropriate approvals, the connector framework can be leveraged to automate just about anything (not just access).

The Value of Identity Management Connectors

Obviously, providing an intuitive interface with the necessary approvals is critical. However, what makes broader capabilities possible is the Connector technology many identity management solutions utilize today. A connector accepts data and simply initiates actions on a target system that accepts queries or has APIs. There is no reason an identity management system connector couldn’t provide greater automation that takes identity management to the next level and elevates it beyond simply security-focused actions. To realize the complete benefits of today’s connector technology, IT decision-makers must think beyond traditional identity and access management usage.

Any system with exposed APIs, a backend database or other means of communication can be integrated via connectors. Since identity management systems already possess detailed user information, workflow capabilities, and the ability to capture other information via custom forms, the automation possibilities are nearly endless.
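The request path described above (catalog request, approval workflow, audit trail, connector dispatch), as an added sketch that is not code from the article or from any IAM product. The catalog entries, role names, the `Broker` class and the `build_vm` connector are hypothetical, and the rule that requesters cannot approve their own request is an assumption added here.

```python
from dataclasses import dataclass, field

# Constructed catalog: item -> (connector name, approver roles required).
CATALOG = {
    "crm-access": ("saas", {"manager"}),
    "vm-build": ("virtualization", {"manager", "infra-owner"}),
}

@dataclass
class Request:
    requester: str
    item: str
    params: dict
    approvals: set = field(default_factory=set)

class Broker:
    def __init__(self, connectors):
        self.connectors = connectors  # name -> callable(request) -> result
        self.audit = []               # append-only (event, requester, item, detail)

    def _log(self, event, req, detail=""):
        self.audit.append((event, req.requester, req.item, detail))

    def submit(self, requester, item, params):
        if item not in CATALOG:
            raise KeyError(f"unknown catalog item: {item}")
        req = Request(requester, item, params)
        self._log("submitted", req)
        return req

    def approve(self, req, approver, role):
        # Assumption (not from the article): requesters cannot self-approve.
        ok = role in CATALOG[req.item][1] and approver != req.requester
        if ok:
            req.approvals.add(role)
        self._log("approved" if ok else "approval_rejected", req, f"{approver}/{role}")
        return ok

    def execute(self, req):
        connector, required = CATALOG[req.item]
        missing = required - req.approvals
        if missing:  # the connector is never reached without every approval
            self._log("denied", req, "missing: " + ",".join(sorted(missing)))
            return None
        result = self.connectors[connector](req)
        self._log("executed", req, str(result))
        return result

def build_vm(req):  # hypothetical connector; a real one calls the target's API
    return f"vm-{req.params['name']}-created"
```

Because a non-access connector such as `build_vm` acts with the connector's own privileges on the target system, the approval gate and the audit entry sit in front of every dispatch, not only in front of access grants.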

As you look at your current and future IT portfolio of projects, identify projects that are identity-related. Next, determine if those investments are truly needed or if a strategic investment in identity management makes more sense.

For an organization, the benefits of a focused identity and access management investment include: simplified technology environment, targeted projects, improved security, optimized operations and happier users. Without question, your user community will appreciate a common interface for all identity requests. It takes innovative thinking and leadership to achieve this vision, but the technology is ready if you are up for the challenge.


Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts. Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).