I have been working with identity and access management technologies for a few years now, and in this time I have had the opportunity to work on a multitude of projects aimed at the deployment of these technologies. Over this period I have noticed that there are certain things that make a project work, and invariably there are things that set you up for failure from the start. In order to try and help promote successful identity management deployments I thought I would give you my “Top 10 Reasons Identity Management Projects Fail”.
One: No clear goal or problem statement – We all know this, but somehow we miss it sometimes. Over the years the customer projects that have had the greatest success have been the ones that knew exactly what they wanted to achieve. There is a great phrase that states “Clarity is power”, and if you understand what you want to achieve you find ways to get it done – plus you notice when you are getting off track. I think there are three main reasons to embark on an identity management project: security – operational efficiency – governance / compliance.
Tip: Get clear on the problem – Get clear on the goal
Two: Sponsorship – One of the quickest ways to make any integration project such as an identity management project fail is to have the wrong level of sponsorship for the project. Generally, when a project is driven from an IT department alone and it requires deep integration into systems such as payroll, there are challenges in getting all parties to agree on the need for the project (or the proposed timelines, cost, effort, etc). Making sure you have the right level of executive sponsorship for your initiative, one that understands the need and the goal, makes it easier to get all parties to help in the effort.
Tip: Make sure you get the right level of sponsorship for your project.
Three: Most technology and business decision makers don’t know what IDM is – Though the field of identity management has been around for many years, it has not been all that accessible for adoption within the broader market (due to many reasons), and as such there have historically been very few people that could effectively articulate the technical and business benefits to get large scale projects going. Because of this there are a lot of half-baked ideas / truths about what identity management is. I have always found the best way to educate people about what these technologies can do is to show them.
Tip: Make sure to showcase the technology solving the business problem and at the same time educating your company on the solution.
Four: Skills, Skills, Skills – Irrespective of the vendor solution, finding the right individual to deploy the solution and, more challenging, to maintain it post deployment has proven to be a big stumbling block in the deployment of identity management technologies.
Tip: Find the right partner or skilled consultant to assist in the deployment and training of your onsite resources
Five: Perceived Cost of Ownership – When customers embark on any technology project they often do a cost-benefit analysis to determine if the project is a good idea. Whether this is a formal process or someone just looking at a total thinking “What am I getting for all this money again?”, the process does take place. Since identity management in many cases enhances something that already exists, this is sometimes a hard sell to someone that does not have a clear picture of the problems (or you have not effectively shown the correct people the correct problem). When objectively looking at identity management technologies compared to many distributed infrastructure deployments like Exchange the cost is actually quite low, but when you put professional services, support, client access licenses and number of systems to integrate together it does become quite expensive sometimes. The trick here is, business decision makers know they need email… you need to find a problem or benefit so big that they will now know they need identity management.
Tip: When cost alone is enough to stop your deployment you need to find a bigger carrot or stick
Six: Going big made you go home – Numerous times I have been involved in projects or heard of projects that failed due to this little principle. Many times customers look into identity management, see the potential and then go ballistic. They try to deploy complete company-wide role-based access, mapped into payroll and integrated into all company systems. This approach has many problems in my opinion. Either you plan forever trying to map every role in HR to every access permission in the company OR you deploy forever trying to get every system to speak to every other system OR both of the above. Usually this makes people lose interest and the momentum you started with is lost.
Tip: Find a balance for a first phase deployment between value shown and timelines in which you deliver. This way you will prove value quickly
Seven: Manage change – We techies love our technology, but every now and then we have to deal with business users… right. When looking at the new wave of identity management products on the market today, almost all of them have a user front-end of some sort. Due to this the identity management engine is no longer a process hidden in the corner of the datacentre, but becomes an integral part of many users' day-to-day jobs. Since we now have interaction with users of the solution, it is imperative for identity management projects to contain some form of change management for the technology consumers. IT projects have been quite bad with this in the past, but we must change that going forward.
Tip: Make sure people know what changes are coming and how this will change the way they work today
Eight: Poor planning – Every project we do irrespective of technology has certain risks, but through planning many of these can be addressed. These risks can be mitigated quite easily in my mind by taking some of the previous tips to heart and having an effective project management process. By knowing the goal, having the business buy-in, understanding the cost, managing the scope and communicating change we set ourselves up for success. The things that remain are timeline, scope and budget management.
Tip: Apply good project management principles to your identity management project (together with the tips above)
Nine: Unmanaged expectations – The fact that this is only mentioned at number nine should not be an indication of the importance of this point. I think this is an invaluable lesson for every part of our lives, not just in running a successful project. The age-old picture below paints the picture perfectly. Look at the picture long and hard and make sure you see this the next time you chat to a project team member.
Tip: Make sure after every meeting, discussion, email, chat and document exchange that everyone is on the same page – expecting the same thing for the outcome

Ten: Identity is given the wrong priority – The final point here is a little bit of a rant regarding companies having a mistaken view of how important identity and the effective management of identity is to their business. Identity in business today is everything. If you wanted to give people permission to something you would need to know “who” you want to give “what” and indeed “when” and for what “reason”. Without effectively knowing who is who in the realm of your organization you know nothing. When we manage our staff, student, vendor, contractor, alumni, partner, administrator, etc identities well we enable business to be more secure while being highly dynamic and agile at the same time.
Tip: Spread the word – Without effectively managing our identities within the corporate environment every piece of IT infrastructure you spend millions on is reduced to just pieces of tin.