Having been in both the IdM space and the services world for some time, a convergence of discussion topics happened this past week via email when I was thinking about IdM as a service and asking myself, why doesn't somebody do this for a living?
Someone sent me an email asking if I knew of anyone doing this and it got me into a what-if thought parade… What if IdM could be offered as a service? Would it be an elephant or a dumptruck?
The service’s value would really be in BPR (Business Process Reengineering) since we are talking about streamlining the process by which access to assets is given.
The first part of the service would be a BPR Mapping session – map out what it is you want a process to look like. NOT what the process is and NOT what one group thinks it is (a really cool project with a lot of buzz). Lay out the best possible process. Period.
Then you have to look at ways of validating identity. What parts are manual (Are you who you say you are at the other end of the phone)? What parts are automatic (LDAP?)?
Identify what people need access to by macro groups. Is this enough?
Identify what people need access to in micro groups. Is this enough?
Identify the small group of users (Roots) who get access to a lot of stuff, or the keys to the kingdom.
Install software solution(s) to manage and enforce what you’ve identified
Then identify how to un-engineer the process. Does it work? How quickly?
Continually audit to determine how well it works or doesn’t work.
What’s your service offering? An elephant or a dumptruck?
Labels: Identity Management, IdM