Weak identity and access management (IAM) practices result in considerable risk to the organization because IAM plays a role in most things in IT.
Common reasons behind weak IAM practices include:
- There is no central ownership of IAM. Owners of IAM actions outside of IT (e.g. provisioning an account in an HRIS) may be resistant to adopting change.
- IAM processes are ad hoc and reactionary. Organizations do not have a high-level understanding of how identities and access are managed at the organization.
- The organization lacks technology to better manage their defined IAM processes. IAM software remains expensive and is often implemented before the people and processes to support that technology have been identified.
Our Advice
Critical Insight
To have a successful identity and access management program, you must first identify who will be the owner(s). Then, in collaboration with the owner(s), create processes that support the organization’s goals. Lastly, consider how technology can assist in enabling or automating defined processes.
Impact and Result
Info-Tech provides a high-level framework that helps organizations ensure they are following best practice at all stages of an identity's lifecycle.
- Identify the drivers behind improving your IAM practices.
- Develop best practice processes for each section of the identity lifecycle.
- Understand the benefits of using IAM software.
Use our research to start your journey to mature the IAM program at your organization.