Skip to main content

What to Consider Before Starting an IAM Initiative

December 01, 2014

Anytime an organization implements a new solution or program, there are a number of things to understand and prepare in order to maximize success. Identity and Access Management (IAM) initiatives are complex and can have some of the largest organizational impacts of any program or service at a company. IAM programs involve people, processes and technologies from across the business. This includes Human Resources, IT, users to audit and more. IAM integrates with other systems and applications through connectors to databases, aggregated flat file feeds, APIs and opened tickets.

Many things are necessary to be successful in an IAM system implementation. Below are some key areas to consider prior to the start of your IAM project:

  • Define your application landscape. What applications does your organization currently have on premise? What about in the cloud? Do you provide software as a service (SaaS) to any business partners or clients?
  • Define your data classifications. What types of data are stored on your systems and in your applications? Do you house information you do not want your competitors to see? Are you an open book with no trade secrets or other confidential information to be concerned about? Do you have different zones established on your network for different data classifications? Do you now or will you in the future require multi-factor authentication for certain data classifications, zones or systems, and what drives these rules?
  • Understand your risk tolerance. When thinking about enterprise or application roles, what is the organization’s risk tolerance for assigning access on a “fit the needs of the many, not the few” scale? If 70% of the users in Job Code 123 need access, should you give it to the other 30% and call it good? Not all access or information needs to be locked down to the nth degree, and security should be balanced with accessibility in accordance with your risk tolerance.
  • Know your vendor relationships. Does your organization have strong allegiance to particular vendors or strong aversion to others? Do you prefer boutique products or industry giants? Do you have established sales and support contracts with certain vendors?
  • Know your existing IAM landscape and licensing obligations. Do you have an existing IAM solution that supports some or all of your user population and application landscape? What functionality does that solution support? Does it have any of these capabilities: user lifecycle management, single sign-on, federated sign-on (service provider or identity provider), password synchronization, self-service password management, elevated account password vaulting, AD bridging, elevated account session management, certifications, role based access control on applications or across the enterprise, reporting or other functions? Do you have existing contractual obligations relating to licenses on your IAM solutions that may preclude you from implementing a new solution right away?
  • Understand your prioritization. Does your organization have key pain points that it needs to address that may be prioritized over other pain points? Has Privileged Access Management (PAM) been identified in an audit, but you’re getting by on your existing provisioning processes? Are you changing your business model, becoming a service provider to other organizations, therefore making federation the most important?

Ultimately, assessing your organization and its needs upfront is vital to ensuring that the appropriate projects and products are selected and implemented and that value is being provided to the business as a whole.

    Janel Schalk

By: Janel Schalk

Senior Director, Strategic Consulting and Access Management

See More

Related Blogs

September 16, 2014

Phishing with Smitty: A Unique Tool for Solicitation Attacks

This post will introduce you to the Smitty SMTP utility, which is a fully featured email client. We use this tool as a means to effectively deliver em...

See Details

May 25, 2017

Having an Identity Crisis? CISO’s Need to Own IAM

Within any company, we can find owners for every key function throughout the enterprise. If we ask, “who is in charge of human resources?” we know the...

See Details

January 27, 2012

Identity and Access Management - Goal-driven Business Cases You Can't Ignore

From a 30,000-foot-view perspective, the idea of risk being a driver and a business proposition for the implementation of Identity and Access Manageme...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

June 09, 2017

Identity and Access Management: Why Identity Matters

Learn why identity matters to your organization and how it can have a positive impact on your security program.

See Details

November 29, 2017

Five Steps to Ensuring a Successful Identity and Access Management Solution Deployment

After endless cost-benefit meetings, business case rewrites and months of organizational readiness activities, your identity and access management (IA...

See Details

May 23, 2016

Next Generation Identity and Access Management (Next Gen IAM)

Having spent the last 17 years in the identity and access management (IAM) space, I know two things are certain: Evolution is inevitable, and change i...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.