Friday, July 29, 2011

Current Market Trends for Identity & Access Management Projects – Business Goals that Make Compelling Business Cases

From a 30,000-foot-view perspective, the idea of Risk being a driver and a business proposition for the implementation of Identity and Access Management is perhaps one of the strongest for garnering Executive-level support and budget consideration. Over the last couple of years we have also seen similar trends in the real or perceived status of economic conditions. Certainly, the convergence of regulatory compliance concerns and risk in particular is key to developing a business case for IAM per our post last week.

From a more granular perspective, the need for recertification of access for users on a periodic basis (specifically so that you don’t run into segregation of duty concerns) is critical for both audit purposes and internal business stakeholders. Establishing some kind of role construct for users internally so that access can be managed by a non-security user population is also an excellent goal that helps generate a compelling business case. It allows end users and departments to more reasonably recertify employee access to certain areas based on their functional job requirements. This also allows supervisors and managers to avoid delving way down in the proverbial weeds at a very technical level to determine whether someone should have access to a particular asset or data. While this is not a new revelation, it continues to be a very strong goal for IAM that can be easily translated into a business case. This is particularly true when recognized through an event – namely a failed audit or compliance penalty.

This convergence around governance, risk and compliance with these and similar identity and access concerns has elevated the profile of identity and access management within many organizations. As a result, more and more projects are being driven at the infrastructure level, and because of the exposure of the risk through effective business cases we are seeing much more involvement from the CFO and CIO offices in elevating these projects into annual budget consideration.

Another key area to factor into IAM business case development is operational efficiency goals, particularly in light of strains on budget and resources due to the recent economic downturn as alluded to earlier. In addition, some of the need is driven by the expanded access needs for internal and external user populations. But with that comes operational overhead. While this is one of the driving forces in the growth and popularity of cloud services, that’s another subject for another day with its own unique challenges and benefits. As it relates to this subject, the desire to mitigate risk from these external populations while reducing the operational overhead for providing this level of access is definitely a key component of the business case for IAM.

The idea of making data and employee collaboration more available to the business, while improving the end user experience and security posture, is a particularly strong driver on the operational efficiency side. We still see the need for password and group management within the classic network world, but remote group password management in support of operational efficiencies is one area where organizations must have a more definitive ROI. This is a catalyst and an effective kick start for an IAM initiative internally, as IAM can provide a strong correlation between the business goals and a classic ROI or risk/cost avoidance. For example:

• Web portal registration and access control allows remote workers, contractors and satellite offices to access centralized data and application infrastructure.
• The growth of unified messaging concepts will bring convergence around email, voicemail and IT services.
• Identity and access management has also begun to have an overlap with information rights management and data leakage prevention, particularly for remote desktops and privileged users.

At the end of the day, it can be very difficult for the IT organization to take on the role of “selling” to the organization, but hopefully some of these considerations provide a solid starting point for developing a compelling and effective business case. Of course, partnering with strategic consulting and integration partners (such as Logic Trends) can provide a significant leg up, not only in achieving business objectives and supporting business goals: they also have the experience, and data, to help ensure that the message resonates and the funding can be justified.
