Now is the time to maximize identity program ROI
By Ashish Chandra, Wipro
As digital transformation, cloud adoption and changing regulatory compliance requirements creates ever expanding tensions and pressures, the delivery of identity program ROI has sometimes proven elusive.
What I’ve been hearing from clients this year is that as enterprises move along the modernized IAM journey, CISOs often find that they don’t realize the ROI they promised the CFO, CEO and other stakeholders. But it’s not the fault of the IAM effort as much as the implementation running into the realities of the IT environment and the threat landscape.
The good news is, there are some powerful solutions to these real problems.
At the recent Gartner Identity and Access Management Summit, Wipro CyberSecurists (architects, consultants and identity strategists from recently acquired Edgile) discussed why ROI seems elusive and demoed modern solutions. If you weren’t able to attend, we also released an important webinar — The ROI from Identity Orchestration & Automation — that hits all the key points around optimizing IAM program ROI.
Some highlights from the bonus session, webinar:
It’s important to start with an appropriate strategy. Given the extensive number of audiences impacted — employees, contractors, partners and customers, among others — as well as issues from all business units, the strategy must be realistic and factor in the most likely challenges.
When I say that it’s critical to have the right strategy, I don’t mean having a conceptual strategy in your mind. I’m talking about creating the strategy based on your objectives and working to simplify the process. It also entails putting in some realistic timeliness and clearly defining a roadmap. It could be short-term or long term. It could be a year, two years, five years. It all depends on what’s most appropriate for your business.
Another part of the strategy is factoring in everything that the enterprise and its relevant parties already have in their current environments and where executives expect to land later in the multi-year identity modernization process. We have to ask how we can help customers accelerate the adoption of the IAM software that they have already purchased or that is already making its way through the purchasing pipeline.
Part of the ROI disconnect is that many enterprises bring in various single-purpose applications that are supposed to deliver comprehensive identity security, but in fact only provide one small aspect of it. Even worse, these apps rarely integrate well with other identity apps. Again, it comes back to needing a full-fledged identity strategy that includes what is needed and nothing more.
Many organizations are spending millions of dollars on next-gen identity offerings. And both from a licensing and services perspective, they are still not able to reap the entire benefit because they are not able to automate beyond a certain point. Think about legacy applications. Are the necessary data validations being run when testing connected applications? A mechanism to test automation is critically important when you are onboarding hundreds or thousands of applications.
Many organizations start on the IAM transformation journey, but they do not have a migration and coexistence strategy. You need to have a parallel environment that is running. You are bringing in a new environment and there has to be a coexistence phase. That is very important from a transformation perspective. As the old environment ramps down, the new environment ramps up and takes on more functionality. This must be baked into the strategy of how you will approach the entire transformation.
A lot of these migration processes are manual and time consuming. We see organizations that are on a next-gen approach, but they are still spending millions of dollars on manual provisioning. And even if they have automated the request management aspects, they’re still doing the provisioning in a disconnected fashion. Large organizations that we work with have thousands of applications. Collecting requirements from multiple application stakeholders create backlogs for accelerated application onboarding and that is one of the big challenges. The lack of well-crafted automation slows down the implementation and drives up costs. Manual efforts steal critical talent from performing more strategic duties, a problem made even worse when facing Security staff shortages.
To learn more visit wipro.com/cybersecurity.
Connect with Edgile to get started
For details on how to optimize your information security programs, please contact your Edgile representative.