Has Your Deployment Been a Complete Disaster Too?
I spoke to a buddy of mine whom I had done some work for, and whose department I made successful in implementing an identity management solution. He did it the exact opposite way that everyone else did it, and is the only one of his peers who is done and successful and maintaining his system. The rest of the company, however, is in total disarray, and those folks who jumped into their identity management projects with vim and vigor are running away even more quickly. Apparently the promise of SOX compliance hasn’t shown up yet. The good news is they only have another 2 years of work ahead of them before they think they’re done, and that’s assuming nothing has changed in their environment or in their process, and assuming their processes are known and documented to begin with. So I asked my buddy: if you could hit the reset button, what would you do today? Verbatim response:
‘I would implement your stuff (TNT Identity) and SSO and that’s it. Total project done. All objectives met, all metrics met or exceeded, and for the cost of what we paid for our discovery documents alone.’
The second discussion I had was with a branch of the Government today. I went to meet two ladies who thought it was way too early to meet, since they were just starting to look at what identity management is. I was pushy and asked for the meeting anyway, because whether or not we got to discussing a specific solution, product set, whatever, I would save them at least $100,000 in an hour-long meeting. I am happy to report we saved them at least $100,000, probably closer to $1M, in initial project costs, not even including maintenance and support of the completed solution.
Want to know how I did it? Two simple questions –
What is your end goal? Audit Compliance or Policy Control/Enforcement?
Do you want to manage identity in the network layer or the application layer?
Coming up with answers to these two questions will pay for itself before you even start. Since the network layer includes the application and infrastructure layers, you will have killed three birds with one stone – implementing a global policy that governs access to networks, servers, and applications using the user identity (and/or machine identity) of authenticated users only. Add to this SSO and you have a simple, extremely effective way to manage identities. Whatever that means.
I gotta catch a flight, but I’ll expand on this later. If you want a slide deck that talks about this in some depth, and encapsulates the discussions, email me – identitystuff @ gmail.com