What is identity management?
Identity management (IDM) is a cross-functional discipline which shapes and is shaped by governance, architecture and technology. The broad remit of an IDM strategy is to improve efficiency and compliance in the context of managing people's access to systems and data.
The sterotypical view of IDM is that it's account management automation. While this is an important facet, this only relates to the technology component and promotes the likelihood of the strategy being technology-led rather than business-led.
An IDM strategy is shaped by regulatory, legal, organisational and reputational policy inputs such as the Privacy Act, industry accreditation, insurance requirements, etc. These policies directly influence the derived architecture and implementation.
ISO 38500 provides a solid model for navigating the iterative policy refinements required to realise the efficiency and compliance objectives.
What can an IDM strategy do for your business?
How much you gain from adopting an IDM strategy depends on your starting point.
For example, if you heven't yet tackled the governance requirements, the potential gains are significant and will benefit the organisation as a whole - if done well.
Successful identity strategies sort out the policies and procedures around data with a view to making it an organisational asset, as distinct from the traditional siloed approach.
Some benefits of a good strategy include:
- Improved customer-facing responsiveness.
- Accurate, consistent data across systems.
- Easing the adoption and integration of systems.
- Removal of inefficient manual administration.
- Good security practices such as "role-based", "just enough" and "just in time" access.
- Facilitates self-service where full automation isn't achievable.
Ignoring governance and simply dropping a system in touches on the same areas but delivers far less benefit overall.
Which IDM system should we choose?
The short answer is it doesn't really matter. They're all capable of achieving roughly the same outcomes, they just have different starting points.
Some general points to consider are:
- Don't buy off a sales pitch when it comes to IDM products as reality rarely matches the hyperbole.
- Synergies with key technology strategies, systems and existing in-house skillsets are important.
- If you're an Azure customer with an aggressive Azure AD + SaaS/PaaS strategy, try to leverage Azure self-service interfaces ahead of any from the IDM so you present a unified experience to your users.
- None of them do everything you want out of the box. Budget for a good dose of post-adoption customisation.
- Licencing, professional services and support agreement costs vary significantly between products. It's also prudent to consider the intangibles such as skills availability in the market for the product.
An IDM system is essentially an integration system, which is why identifying those synergies with the broader technology landscape is crucial.