I have been up and down the East Coast this week meeting with different companies and beating my ‘It’s about the process’ drum. One question that got me thinking was – why?
I have been noticing the shifting sands of Identity for several years now and have had the opportunity to speak with organizations, and ultimately people, who sell identity management solutions, deploy identity management solutions, and manage and support identity management solutions. There are several things that are very apparent to me, and continue to be reinforced:
1. Compliance is the biggest reason people evaluate Identity management solutions. I believe this stems from (poorly written) legislation that is designed to mandate that organizations have a level of transparency and a level of knowledge about what is really going on inside their systems that run their business. It is no longer acceptable to say ‘I didn’t know about that’. It’s also where the budgets are since management wants to stay out of the papers and out of jail.
2. Convergence of Identity, Privacy, and Security means that there are now impacts beyond each silo that must be considered when evaluating a solution. What are the ripple effects beyond my group/team/business unit. Add in trying to implement a federation model/framework and the waters get muddier.
3. The number of people who have the expertise and experience of both the business drivers and technology implementations is small
. Identity management is not a technology project. When I got into the space and starting to position solutions at companies, it was a technology project buy. Now that companies have started to realize that the Identity Management software out there all do 80-90% of the same thing, it has become less about the technology and more about supporting the business process and enabling transparency in a way that business folks can understand (that’s why I believe dashboards have become the must have thing).
4. Support, Maintenance, and Servicing. I also see that companies are starting to understand that an implementation is not the event it once was but the beginning of a business process reengineering effort, that once the technology is implemented, there is s a substantial effort and commitment to care and feed this new system and the processes it is designed to support.
5. I believe that companies - to varying degrees – will start to look at transition processes to off load the ongoing maintenance and management of these systems to service providers who will retain the expertise of both the business and technology components. This means that there is an opportunity for companies to build out teams to do the support, and more importantly quarterly business reviews with their clients to insure things are running smoothly.
It’s About the Process Folks, and having a continuous feedback and ongoing strategy evaluation means that you will get better at defining the processes that will foster transparency, improve how security and privacy are maintained and improved to help your business.