Build the Case for an Identity and Access Management Program
How a formal program management approach can help IAM and IT leaders accelerate adoption of IAM capabilities.
No longer limited to security functions, identity and access management (IAM) has expanded its influence into new domains that include supply chain, consumer IAM (CIAM) and the Internet of Things (IoT). It’s no surprise then to see IAM emerging as a leading business accelerator, particularly as organizations embark on digital transformations.
Despite IAM’s growing influence, many IAM and IT leaders still struggle to position it as a strategic business priority and secure adequate resources and investment to fulfill their initiatives.
“Formal IAM programs are becoming a necessity”
According to Kevin Kampman, research director at Gartner, a large number of IAM programs are at early stages of adoption. Communications and recognition remain informal, leading to inconsistent adoption and employment of IAM capabilities.
“IAM is inherently complex and requires the discipline that only a program management approach can provide,” says Kampman. “As organizational IAM needs are expanding and diversifying, formal IAM programs are becoming a necessity.”
To justify and support the development of a formal IAM program, IAM leaders are asserting themselves into digital transformation initiatives, such as CIAM and IoT. They also need to work closely with key stakeholders and executive management to relate the benefits of the IAM program directly to business outcomes.
Here are three steps that will help IAM and IT leaders build a case for their IAM program.
- Enlist an executive sponsor
Few IAM leaders currently have the social capital or organizational recognition necessary to be an effective advocate for IAM and business alignment. To remedy this, identify a champion to promote and communicate the benefits of the IAM program. A successful IAM program begins at the top, so identifying the right business advocate to promote and sustain stakeholder interest in IAM is key to the success of the program. Good candidates include the CEO, company secretary or chief legal counsel.
- Collaborate to innovate
Collaboration with and interaction between the digital principals — marketers, architects, designers and developers — will expose the IAM team to new perspectives and mutually beneficial opportunities. By aligning with the digital business strategy, highlighting the impact of innovation and the shift away from operational thinking, IAM or IT leaders will be able to make a case for IAM staff to take on new responsibility and commitments.
- Implement independent governance
Governance provides a program with the responsibility and the authority to manage its constituent activities, and holds it accountable for the results. While it’s important to determine how governance is approached in the wider organization, recognizing IAM as an independent IT governance discipline will ensure clear accountability and decision rights for IAM in the organization.
Gartner clients can read more in “Why You Need an IAM Program“ by Kevin Kampman et al.
Managing Risk and Security at the Speed of Digital Business
Digital business challenges the basic principles of information risk and security management. Risk and security leaders must understand…
Ransomware Protection: Facts and Myths
Solutions for preventing, detecting and recovering from ransomware have strengths and weaknesses. What are the true facts, and what myths…
Learn more at the global Gartner Security & Risk Management Summits.