Identity and access management (IAM) is key to effective information security, but IT managers are still struggling to get businesses to invest, say Gartner analysts.
IT managers are failing to make the case for identity and access management because they are not using the language of business to communicate the benefits of IAM projects, analyst Tom Scholtz told attendees at the Gartner IAM Summit 2008 in London today.
He said the most effective way of getting business support was to show how IAM was able to improve the reliability of business operations, protect brands, and manage risk.
Fellow Gartner analyst Ant Allan said IT managers need to communicate all the different ways IAM can contribute to initiatives to boost competitiveness across the business.
It was unrealistic to say that IAM contributed to every business strategy, said Allan, but there are several key business imperatives that IAM does support that IT needs to communicate.
These include the need to attract and retain customers, build an agile organisation, increase employee productivity, and improve critical business processes.
"IAM directly improves critical identity-focussed business processes and workflows by enabling businesses to add new employees and customers to their IT systems quickly and easily," he said.
Scholtz said maintaining business support required continual feedback about what investments in IAM projects have achieved as well as what they have failed to achieve.
"Honest feedback is important to establishing credibility, which in turn makes it easier next time IT goes back to the business to ask for further investment," he said.
Scholtz said it was important for IT to establish and maintain the trust of the business and then set up as many channels as possible to communicate the value of projects in business terms.