Keep IAM simple and collaborate to succeed, says Gartner

Identity and access management is increasingly important, but it is also increasingly complex and is set to get worse, says Gartner

Identity and access management (IAM) is increasingly important, but it is also increasingly complex and is set to get worse, according to Ant Alan, research vice-president at Gartner.

“In the age of digital business, the scope and scale of IAM is going to increase, and the only way to succeed is to work together,” he told the Gartner IAM Summit 2015 in London.

Collaboration will have to improve across the IAM ecosystem, which is made up of suppliers, consultants, implementers and client project leaders, said Alan.

“The holders of these four key roles will need to work together as a team to reduce the complexity of IAM and should continually each ask themselves what they can do to help the team succeed,” he said.

IAM should be simple, business-driven and secure, said Felix Gaehtgens, research director at Gartner.

“History is full of failed IAM projects. We believe the key to success is to simplify the approach,” he said.

Gaehtgens said organisations can achieve greater simplicity by ensuring that they do not tackle the most difficult things first or bite off more than they can chew.

“Rather, organisations should prioritise by identifying the low-hanging fruit and address all the things that should be done before implementation and will make their IAM project more manageable,” he said.

To illustrate the challenges that typically exist in IAM projects, analysts highlighted the challenges and criticisms of each of the four IAM roles, as well as the ways each role could improve, as detailed below.

IAM leader role
Challenges Criticisms Improvements
Spend 90% of time on telling stakeholders how IAM can help the business and consequently there is little time to understand just how the technology works. Lack the capacity to make decisions. Ask only for customisations that will benefit the whole business and not just parts of it.
Earning the trust of users and application owners in the face of slowdowns and downtime. Lack of technical understanding. Work with business to re-engineer business process to fit standard practice supported by IAM products.
Demand from senior executives to deliver 10 times capacity set by budget constraints. Failure to do their homework before starting an IAM project. Involve architects experienced in IAM from the start to create the right vision for the company.
IAM consultant role
Challenges Criticisms Improvements
Staffing is often a problem because of the expectation to begin deliver as soon as contract is signed. Typical failure to ensure transfer of knowledge to client organisations. Highlight ability to help the business with managing risks.
Providing unbiased advice, yet at the same time maintaining a good relationship with suppliers. Failure to involve client organisations in decision-making processes. Help leaders with internal politics by drawing on industry experience.
Managing client expectations after they have been inflated by the supplier. Failure to add value by guiding client in what is practical for their organisation. Work in closer partnership with suppliers to support clients.
Getting client organisations to commit to decisions. Failure to tell organisations what approaches to avoid.
Getting organisations to recognise the importance of consultants’ risk management skills.
IAM supplier role
Challenges Criticisms Improvements
Creating a product to meet current and future needs of customers who are often not clear on their needs. Failure to recognise that not all issues are solved with technical solutions. Maintain a presence and provide support throughout the implementation process.
Failure to provide after-sales support and provide clear lines of support.
Getting products implemented by the right people in the right way and avoiding blame for failed projects. Failing to provide what businesses need when they need it. Work on user interface as a high priority for easy user experience.
Failure to provide easy user interface.
Tendency to shift blame onto users or implementers rather than admit shortcomings. Focus more on customer processes.
Finding the right balance between customisation and configuration. Tendency to blame implementers for project failures.
Inability to tell the business why features are implemented in the software in a particular way. Work with implementers to provide training and support.
Lack of transparency in the sales process and around any areas of weakness.
IAM implementer role
Challenges Criticisms Improvements
Deciding what to do when there are many different masters to please. Failure to seek help from the business to solve business problems. Failure to work with consultants to provide right people and a consistent view to clients.
Being forced to customise products because of lack of flexibility through configuration. Resort too often and too quickly to customisations to solve issues. Acknowledge that implementers may not know everything and be open to learning.
Pressure to add capabilities and yet stick to original project deadlines and budgets. Help businesses improve processes to solve issues before resorting to customisations.
Unwillingness of clients to change or adapt processes despite 80% of IAM relating to processes. Failure to work with consultants to provide right people and a consistent view to clients. Admit mistakes and do things again if necessary.
Provide other stakeholders with a range of possibilities where possible.


Read more on Identity and access management products