Planning your IAM solution

As a provider of IAM solutions we’ve had the privilege of working with many client projects. Thanks to this experience we’ve got a good understanding of what it takes to deliver a successful IAM implementation. This is the first in a series of posts where we share these learnings. We hope that you find them useful when planning your IAM project.

An IAM project is a major undertaking for any organisation so just deciding how to approach the project can be daunting. It is well-known that “failing to plan is planning to fail”. But it is also true that “no plan survives first contact with the enemy”. It is also easy to get distracted or overwhelmed by details, and so “lose sight of the forest for the trees”.

If you don’t know where you’re going, you’re unlikely to arrive where you need to be. The goal of this post is to set out the key strategic issues that will help you develop a plan. When you have the answers to these questions, it becomes easier to get clarity on the more detailed, tactical issues.

Before we start, we need to stress a fundamental point: implementing a solution without knowing your priorities is inviting disappointment. Only you can decide your strategic priorities for IAM. So, the first step is to ensure that your business’ leaders are clear about the business outcomes they expect.

The first key issue is the solution’s delivery model. Do you want to operate the IAM solution; or would you prefer a managed service; or some kind of hybrid? Ultimately the answer depends on how much of IAM is a strategic competence of your business. There is a clear market trend towards Identity as a Service (IDaaS) so we will explore the opportunities offered by model this model in the second blog post in this series.

The second key issue is identifying what functionality is needed. Today, the scope of IAM is vast and includes a constantly expanding universe of TLAs (three letter acronyms) such as SSO, MFA, and PAM. It is easy to get distracted by their promises at the expense of your business’ priorities. That’s why it’s important to have a documented functional scope that helps you – and your prospective providers – to decide if a solution is fit-for-purpose. The third blog post will explore these key areas of IAM functionality to help ensure you buy right solution.

The third key issue is the solution architecture. Getting the architecture right is critical because it determines the impact and longevity of your solution. An architecture that lacks vision may meet today’s needs effectively but could quickly meet its Use By date. However, an architecture that is too ambitious may underserve your users today and misjudge future developments. Today, Zero Trust architecture is generally understood as the best approach to Enterprise security so the fourth blog will explore the role of IAM in that.

The final issue is the design of the implementation project. An IAM solution has many moving parts that touch every part of the business. And because there is so much organisation-specific context, it isn’t feasible to parachute an IAM solution into an organisation. You will have to accommodate business processes, systems, and many other issues that are unique to your organisation. The final blog post will consider how to assemble and manage the implementation team.

We hope that this post, and the ones that follow, will help you achieve the best possible IAM solution for your business.