
A Recipe for Identity and Access Management Success

By Todd Peterson

June 1, 2015

In a world of increasing threats, IT security pros are motivated to strengthen security protocols and access to company data “to everything, everywhere.” Unfortunately, this approach often comes with a cost in usability, and can make security an inhibitor to business productivity.

Fortunately, new technologies and approaches exist that can overcome this usability vs. security challenge. Adaptive, risk-based identity and access management (IAM) techniques help IT scale their security posture to reflect the circumstance. IAM is all about making sure that the right people can get to the right resources to do their jobs without exposing those same resources to undue risk from unauthorized parties. Yet, for all its importance, there is an overabundance of IAM projects that didn’t live up to expectations, took too long and cost too much to complete, or even failed outright. But controlling access, managing and securing privileged accounts, and achieving governance are so critical that we can’t simply ignore the fact that it’s hard.

So what is the better way that can help prevent your IAM project from becoming one of the many that are disappointments?

A growing number of organizations are finding that the right approach to IAM can lead to a successful project. In these cases, IAM can move beyond being a necessary evil to an actual business-enabling asset. Organizations that succeed end up with every user – or at least the vast majority of them – having exactly the right access (provisioning) and all the right people making it happen and having insight into what goes on (governance). Successful IAM is much closer to a reality than many may have ever thought possible. While every organization is different, there are a few commonalities we can draw from these successful projects. Here’s a proposed basic recipe for IAM success.

Unify, Unify, Unify

Think back to the days of Windows NT – when every Windows server was an island unto itself, required unique identities (or accounts), authentication and authorization, and was almost impossible to audit. Microsoft overcame that problem with the advent of Active Directory in Windows XP and a one-identity approach to IAM in Windows. That same thinking – reducing complexity; consolidating identities and thus provisioning, authorization, login and audit requirements; and avoiding addressing unique systems in silos – can bring major benefits.

The more identities people have, the more places they must be provisioned, the more passwords they can forget, and the more holes an audit can find. Seek to arrive at a single source of the truth and then implement it enterprise-wide. And don’t forget that two or three identities is still much, much better than 10 or 12.

Minimize Customization as Much as Possible

One of the main reasons IAM projects fail is that they rely almost entirely on customization. The traditional approach to IAM is to build custom connectors that contain all the business logic necessary to grant, control, and audit access across all systems. These heavily customized solutions give the appearance of unification as mentioned above, but in reality are just covering the complexity with additional complexity. It’s like the time my wife asked me to clean out the garage, so I moved everything into the kitchen. It got the job done, but didn’t really solve the problem.

The more you can use “configurable” IAM solutions the quicker you will realize value, the easier it will be to react to change, and the less you will rely on the expense of an army of developers and consultants.

Get Provisioning Right

It all starts with provisioning. But when things are un-unified and heavily reliant on rigid customization – provisioning is really, really difficult. If there is one constant in IAM, it is change. People change roles, what those roles mean changes as new systems or processes come online, regulations change what you are required to secure, and new technologies and trends suddenly throw everything for a loop. Each one influences how and what you provision.

If you do nothing else, make sure that however you provision, re-provision and de-provision users, you do it in an entirely unified and consistent manner, with an emphasis on configuration, not customization.

Put the Business in Charge

One of the biggest roadblocks to successful IAM projects is the dependence on IT to do everything. After all, who else knows how to provision an account, set up rights within a system, or find the information required of an audit? But while IT knows how to do those things, it’s the line-of-business that’s accountable if something goes wrong. Newer IAM solutions are built with a focus on the business, as opposed to IT.

When the line-of-business is making decisions on who should have access to what – and when they are actually able to make that access happen on their own (provisioning) – everything gets easier. IT doesn’t have to be involved in everything, an audit is more likely to be painless, and security will increase.

Automate and Enable

Most IAM projects are focused on making something easier for someone. Whether that’s reducing the provisioning workload on IT (see above), streamlining login (single sign-on), or enabling users to reset their own passwords, the ability to automate previously cumbersome processes is the big selling point for most projects. But automating a complex, fragmented, and IT-centric IAM approach doesn’t yield the benefits of true automation with a focus on the business and unification.

Manual processes are the death-knell of a successful IAM project just as much as customization is. As you address the points above, look for places where automation can save time and money. Automation also decreases the chances for errors and can enable the line-of-business and end users to do many of the things they should do, but have always relied on IT for.

Always Look Forward

Much of the trouble with IAM projects is that they deal with a static situation at a specific point in time and can’t adapt to the constantly evolving world of users, access needs, compliance demands, and security threats. Many failed IAM projects were humming along quite smoothly until Bring-Your-Own-Device (BYOD), or SaaS, or virtualization were thrown into the mix. The inability to adjust to new technologies, new user demands, and the latest trend inevitably leaves a project lacking.

When evaluating solutions, approach from a “what if?” mindset as much as possible. While you can’t predict everything, a simple internal dialog on how a particular solution will or will not work with other solutions already deployed, their “cloud-readiness,” and their approach to newer trends like BYOD is a valuable undertaking. An adherence to industry standards is a good baseline in these decisions.

It can be done. There are happy endings, and the number of successful IAM projects grows each day. I’ve personally been involved with companies that were in the fifth year of their two-year IAM project, were severely over budget, and were sorely lacking in value or results. A simple shift in mindset, a focus on unification and the business, with an avoidance of siloed security and customizations, can result in a successful IAM project. One energy company realized in 14 weeks the value that an “old school” project failed to deliver in more than three years. Another reduced helpdesk costs by more than a million dollars a month. And a third was able to rapidly and securely adopt both a controlled and secure BYOD policy and a move to new SaaS applications and services without disrupting operations or adding complexity or new customizations.

IAM is an important component of any successful security program that can bring security managers additional organization, automation and peace of mind.

KEYWORDS: IAM systems identity (ID) management security systems


Todd Peterson is a product marketing manager for Dell’s Identity and Access Management businesses. Prior to his current role, he served as a product marketing manager for Quest Software’s Identity Management business.
