Skip to main content

Identity and Access Management - Goal-driven Business Cases You Can't Ignore

January 27, 2012

IAM5 LogoFrom a 30,000-foot-view perspective, the idea of risk being a driver and a business proposition for the implementation of Identity and Access Management (IAM) is perhaps one of the strongest for garnering executive-level support and budget consideration. Over the last couple of years, we have also seen similar trends in the real or perceived status of economic conditions. Certainly, the convergence of regulatory compliance concerns and risk, in particular, is key to developing a business case for IAM.

From a more granular perspective, the need for recertification of access for users on a periodic basis (specifically, so that you don’t run into "segregation of duty" concerns) is critical for both audit purposes and internal business stakeholders. Establishing some kind of role construct for users internally so that access can be managed by a non-security user population is also an excellent goal that helps generate a compelling business case. It allows end users and departments to more reasonably recertify employee access to certain areas based on functional job requirements. This also allows supervisors and managers to avoid delving way down in the proverbial weeds at a very technical level to determine whether someone should have access to a particular asset or data. While this is not a new revelation, it continues to be a very strong goal for IAM that can be easily inserted translated into a business case. This is particularly true when recognized through an event -- namely a failed audit or compliance penalty.

This convergence around governance risk and compliance with these and similar identity and access concerns has elevated the profile of identity and access management within many organizations. As a result, more projects are being driven at the infrastructure level, and because of the exposure of the risk through effective business cases, we are seeing much more involvement from the CFO and CIO offices in elevating these projects into annual budget consideration.

Another key area to factor in IAM business case development are operational efficiency goals, particularly in light of strains on budget and resources due to the recent econominc downturn. In addition, some of the need is driven by the expanded access needs for internal and external user populations. But, with that comes operational overhead. While this is one of the driving forces in the growth and popularity of cloud services, that’s another subject for another day with its own unique challenges and benefits. As it relates to this subject, the desire to mitigate risk from these external populations, while reducing the operational overhead for providing this level of access, is definitely a key component of the business case for IAM.

The idea of making data and employee collaboration more available to the business, while improving the end user experience and security posture, is a particularly strong driver on the operational efficiency side. We still see the need for password and group management within the classic network world, but for remote group password management in support of operational efficiencies, this is one area where organizations must have a more definitive ROI. This is a catalyst and an effective kick-start for an IAM initiative internally, as IAM can provide a strong correlation between business goals and a classic ROI or risk/cost avoidance. For example:

• Web portal registration and access control allows for remote workers, contractors and satellite office to access centralized data and application infrastructure.
• The growth of unified messaging concepts will bring convergence around email, voicemail and IT services.
• Identity and access management also has begun to have an overlap with information rights management and data leakage prevention, particularly for remote desktops and privileged users.

At the end of the day, it can be very difficult for the IT organization to take on the role of “selling” to the organization, but hopefully some of these considerations provide a solid starting point for developing a compelling and effective business case. Of course, partnering with strategic consulting and integration partners (such as FishNet Security) can provide a significant leg up in achieving business objectives and supporting business goals. The information solutions provider also has a team with the experience -- and the data -- to help ensure that the message resonates and the funding can be justified.

Related Blogs

April 20, 2018

Customization of IAM Solutions: Risks of Having it Your Way

Forty years ago Burger King launched a revolution in customization, declaring that they could provide you the power of creating your perfect burger co...

See Details

December 18, 2017

Security vs. End User Experience – Find the Balance

Have we become so focused on serving our customers that we are willing to cut corners for the sake of speed and convenience, only to subject the organ...

See Details

October 06, 2017

Avoid User in Training

Often when I’m onsite with clients, gathering requirements for an identity and access management (IAM) solution implementation, I’m asked, “What are s...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

January 24, 2018

Identity and Access Management Capabilities

We can help enable your business while reducing risk.

See Details

October 06, 2017

Managed Security Services - Service Guide

Learn about our flexible and scalable services to improve your security capabilities.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.