10 Reasons why identity projects are about much more than identity and access management

Source: http://www.microsoft.com/health/en-gb/articles/Pages/access-management.aspx

1. Implement smart
Look to roll out technologies once, even tactical ones, as a part of a broader strategy. Don’t put yourself in a cul-de-sac for the next steps.

2. Don’t follow broken working practices
Automating them doesn’t make them better.

3. Remember the users
If the processes you introduce are difficult, users will look to short cut them so that they can do their jobs efficiently.

4. Launch the programme with a publicity campaign and champions
Ensure adoption with your users and create some interest before “go live”

5. Start small and build
Many identity programmes have been abandoned with scary amounts of money wasted. Why? The organisation has been too ambitious at the outset.

6. Manage the exceptions, not the norm
Again, an obvious one, but over-complicating matters by taking a “bottom-up” approach will add cost, complexity and time to your project.

7. Know what the art of the possible is – and the cost
Cross organisational working or information sharing lends itself to over complicated, expensive or just plainly unnecessary approaches. Technologies such as federation allow users to be managed from their host organisations and secure solutions implemented in weeks.

8. Educate your users to the risks
Compliance violation, risk of being compromised; users don’t necessarily appreciate the risks of sharing a password or login. Explain it in basic terms. “You could be blamed for someone else’s transgression.” “Security is like Health & Safety – it is everyone’s responsibility”.

9. Build your business case well
It is not just about “ROI” and we shouldn’t pretend that this is the case. More effective working, less risk and user satisfaction all play a part and sometimes we get carried away with projected savings that are simply unreal. The softer organisational benefits should be clearly described.

10. Do nothing and you will fail
User dissatisfaction, difficult or impossible management and auditing, help desk overload. These are symptoms of poor identity and access management. Introduce new applications, new transformations on top of this, and whatever cost you have in mind will rise exponentially.