Ninja Tip – 5 Strategies for IAM Success

Here are five tips that will set you up for success with your IAM program and help you avoid the pitfalls that normally stand in the way of IAM success. Number one, start where you are going to have the biggest impact. IAM is many-faceted and can be a really big undertaking if you choose to attack it all at once. That's a sure path to failure. Instead, I recommend that you look at the whole of IAM and choose the one thing that will get you the biggest impact the quickest. If that's making users' lives easier with SSO, go for it. If that's increasing security by unifying and automating provisioning, do that. If it's addressing the high risk of privileged accounts, cool. Or if it's just solving the problems of one key system, like Active Directory, do that one. Either way, once you solve the first problem, you move on to the next, and then the next, and then before you know it, you're very far down the road. Number two, give yourself some credit. Something is better than nothing. A lot of people view IAM as big bang, all or nothing undertaking. As I just mentioned, you can't solve all the problems at once, but you can do some good. And be sure to celebrate your victories, even the relatively small victories. A win is a win, and you can't take the title until you've won enough of the regular season games to qualify for the playoffs. Embrace the journey and recognize that you are doing some really great things. Number three, without IGA and PAM, SSO doesn't matter. Single sign-on, or as the industry calls it, access management, is the most visible aspect of IAM, but even the sexiest SSO program is useless if the underlying identity governance and administration foundation is broken or if your privileged accounts are out of control. So of course, do access management, it's important, but don't assume that it's enough. IGA and PAM are even more critical and even more impactful. Number four, go for the quick win. While the technology battle in IAM is important and you can solve the problems with almost any solution if you have enough time and money, perhaps the most important battle is the political one. Nothing derails an IAM program faster than lack of executive buy-in. Make sure that your program has well-defined, achievable, and highly visible milestones that will show your executives that IAM is delivering value and making a real difference. And number five, don't ignore the legacy systems. Just because something's old doesn't mean that it doesn't need IAM. Don't be distracted by the shiny new things, like the cloud or RPA when there's a cesspool of broken sitting right behind you in your legacy systems. IAM in all its flavors is critical to the entire enterprise and must be implemented on each and every system in the enterprise. Just because you're moving to Azure doesn't mean you can ignore your on-prem AD. IGA and PAM must be applied equally to all systems, not just the sexy new ones that are getting all the attention. You're just one breach away from your legacy system suddenly being the hottest item on your plate. And that wraps up the five strategies in this Ninja Tip.