Steer Clear of These 6 Common IAM Implementation Pitfalls

Today many companies are leaping at the chance to reduce administrative costs in the workplace. Whether it be automated account management, single sign-on (SSO), self-service account administration, risk-based authentication, or centralized logging, firms are looking for ways to streamline and automate processes to minimize costs while offering benefits such as an improved user experience and enhanced security. So the choice to move toward Identify Access Management (IAM) is often a no-brainer. IAM enables companies to integrate all applications and identity repositories into a centralized, manageable system for authentication, authorization, and reporting.

In their rush to implement IAM solutions, companies frequently fall victim to pitfalls that result in implementation delays, cost overruns, and IAM systems that fail to meet their business needs.

The good news is that with careful planning and analysis upfront and diligence during implementation, these pitfalls can be avoided. In this blog post, we’ll describe six of the most common IAM implementation pitfalls companies have encountered over the last decade and how to avoid them.

1.   Take Time to Discover Your Needs

Most companies think of discovery as part of the planning portion of a new project or IAM implementation, and they are partially correct. Discovery should be more than just a routine planning exercise or a “knee-jerk” reaction to a breach, an audit, or some other cataclysmic event. Discovery and communication become more crucial in IAM efforts because they tend to be more wide-reaching than most enterprise projects.

Take time to decide what you want out of an IAM solution. The biggest questions we always ensure we identify at Tevora are:

• What are the high-level drivers for the project?
• What does the picture of success with IAM look like?
• Who are your stakeholders and what are their goals in regard to IAM?

Your discovery should be a collaborative effort involving stakeholders from all impacted areas of your company (e.g., IT, HR, sales, marketing, product managers, legal). Use the information from these collaborations to develop a set of strategic and high-level goals for your IAM implementation project.

Many companies don’t spend enough time in the discovery phase and try to rush to the implementation stage for a quick patch solution, which leads to sub-optimal results. Time to value is an important metric, but when rush, can provide low value to match the low time metric.

2.   Stay True to Your Goals

Set strategic and high-level goals early, review them often, and adjust and refine them as needed if project or business conditions change. Without a set of goals established early on, business team members may not understand how their environment will change with your IAM implementation.

As the project progresses, resist the temptation to stray from your goals unless you’ve made a collective decision to modify them. Periodic goal reviews are a great way to decide if goals need to be adjusted but also help your team maintain focus on the strategic direction of the project.

We’ve seen many projects where IT had too much influence over the project, which resulted in IAM implementations that failed to meet the needs of the business. On the other hand, we’ve seen projects where IT was not involved enough during discovery and goal setting, which resulted in IAM implementations that were expensive and difficult to implement and operate. To avoid these pitfalls, be sure to include IT, business, HR, and all other relevant stakeholders in discovery and goal setting.

Another pitfall we’ve seen companies encounter is setting “big bang” goals, where everything is implemented at once. This sounds great initially, but the effort is often too complex for an organization to pull off with its available resources. The complexity of this approach can also lead to significant impacts to the business if there is an implementation problem that makes it impossible for all users to access applications and data for a period of time.

We recommend taking a phased approach with your IAM implementation plan, while setting strategic milestones for each phase. For example, it might make sense to cut over users to the new IAM system based on their business or functional unit. An initial phase might be to begin with only IT users. In this first phase, only those users and the applications and data they need to access would be implemented. This enables each functional group to have a seamless user experience as they cut over to the new IAM system and avoids a situation where they need to use different approaches for accessing different applications or data.

3.   Focus on the User Experience

Providing a seamless user experience is a critical element of any successful IAM solution. Companies often lose sight of this as they get bogged down in the complex work of an IAM project and end up delivering a flawed or cumbersome user experience. Don’t let this happen to you!

Begin by getting representatives from various user groups involved upfront in setting goals and requirements for the user experience. As the project progresses, get user feedback on prototypes or mockups of the user interface and be prepared to refine the interface based on their feedback. As you approach implementation, go the extra mile to make sure users know what to expect (e.g., new screens, email flows, authorization and authentication processes). Conduct extensive training and provide documentation to ensure users are fully prepared for success on implementation day.

One crucial goal of user engagement is to make all user groups feel like they have been a part of the project. Since many business units cooperating together will be integral to the success of identity in the long-term, making them all feel like they had a stake in building the program will ensure they want to see it succeed.

4.   Dig Deep to Identify Entitlements

Identifying which users should be entitled to have access to applications and data can be a difficult effort for many companies, but it is vital for any successful IAM solution. Start by interviewing key stakeholders in each business or technical group to understand which users, groups, or roles are entitled to access applications and data. Application administrators (e.g., Salesforce Admin) are often a great source for getting this information.

It’s important to turn over every rock you can find to discover entitlements, but we’ve also seen companies fall into “analysis paralysis” when doing this. Try not to let the perfect be the enemy of the good, which can cause delays in your project and may be adding only minimal incremental value.

Remember that establishing entitlements is generally the largest effort in any identity program and this part may be a work in progress for quite a while.

5.   Align With Zero Trust Strategy

The concept of Zero Trust has emerged in recent years as an effective way to provide secure access to organizational resources in today’s cloud-based environments. IAM is often a key ingredient in a Zero Trust strategy. If your company has a Zero Trust strategy or is planning to implement one, be sure that your IAM implementation project aligns with that strategy.

If your organization doesn’t have plans to implement Zero Trust, we still recommend planning around it in case it emerges in the future. Good IAM strategies align well with good Zero Trust strategies, so this rarely creates additional overhead.

6.   Revisit the Project Plan

During all phases of an IAM project, revisit the milestones and roadmap to make sure the project is both on track and focusing on the original high-level goals. Projects of this size tend to be living, breathing creatures that can grow out of control as the groundwork commences. As one set of processes iscompleted, you are likely to find things you’d like to tack on to the project, which can pull you off course. Remember to stay focused. Revisit the high-level goals often.

If your objectives no longer make sense, it’s OK to change them as long as you get buy-in across the team. But otherwise, stay the course!

The Bottom Line

No IAM implementation project will be completed overnight, and none should be. The process of integrating dozens or even hundreds of applications and their identity repositories is a complex undertaking, even for a small business. Successful implementation of an IAM solution is a significant challenge for most companies.

We’ve covered some of the most common pitfalls that can hinder or bring down an IAM implementation. Keep them in mind throughout your project, and you will be much more likely to deliver a world-class IAM solution that meets or exceeds your company’s needs.

Additional Resources

Below are additional resources that provide a deeper dive on the topics covered in this blog post:

• Automated Identity Management Webinar
• Top 5 Business Benefits to an IAM Solution
• 4 Steps to Creating a Zero Trust Security Model

We Can Help

If you have questions about any of the topics covered in this blog post or would like help implementing an IAM solution for your company, our team of experienced IAM experts can help. Just give us a call at (833) 292-1609 or email us at sales@tevora.com.