We spent a lot of time earlier in the year looking at Identity and Access Management solutions and highlighting what business value IDAM solutions add for Enterprise.
Core supplies Identity and Access Management services to a wide range of customers where this is our only or main line of business. Quite often, we also work in an environment where we are part of an overall supply chain that includes the globally recognised system integrators or IT service providers.
We quite often find ourselves in a position where we are working with a customer who is trying to determine whether adding another supplier to their supply chain to gain specific expertise is the right thing to do, or whether they can trust an incumbent supplier to turn their hand to delivering an identity solution for the first time.
In many cases, Core is selected to provide identity as a consciously disparate solution and platform to the existing services delivered by their incumbent suppliers.
This is due in part to the significant expertise that Core brings to customers around making identity work in difficult legacy infrastructures. But this type of commercial engagement is also due to another set of key strategic reasons...
Longevity
IDAM is a long-term, strategic solution that requires a significant investment from any organisation to implement, not due to the costs, but due to the likely period of the provision of services.
Building and implementing the base solution is a fast process; typically a few weeks from design to commissioning to get to a basic go live. That piece is very straightforward.
But, to get the best overall return on investment and user experience from your identity platform, you will want to leverage the additional services that it can deliver - specifically, automation and integration.
There will be an initial cost of implementing your IDAM solution which will vary depending on how many platforms you want to integrate with. Obviously, the longer that you continue running on the IDAM platform, the higher the overall ROI becomes. To maximise the return, the ideal length of an IDAM contract is between 5 and 10 years in duration, which can sometimes be at odds with traditional IT services contracts.
The technology used in Identity and Access Management solutions does develop rapidly, but any decent solution will evolve with the technology, ensuring that you aren’t at an operational disadvantage through being in a long-term contract.
Integration of services
A good IDAM solution will integrate with all of your main platforms and services, so that it can provide protection across your enterprise.
Central to this is the integration with your HR system to automate the process of creating users, provisioning services and licenses, deprovisioning users, removing manual administrative processes from the IT service desks, and providing a dependable, consistent outcome.
This delivers two distinct benefits. Firstly, it removes the major element of service desk resource time being used for low-value tasks and provisioning new users, and frees up this resource to focus on more critical response activities and/or proactive development of systems and platforms. The other main benefit is that the automated process will deliver a completely consistent output, provisioning all of the right services for each user, based on their role type, in line with a set of predefined rules, ensuring consistency of attributes and settings.
To get the best outcome from your IDAM solutions, you will want to implement Single Sign-On (SSO) with all major platforms. The goal with this is to minimise the number of times your users have to enter passwords, speeding up the process for the users but also, importantly, aiding the security of your platforms.
As highlighted above, with Core there is a one-time cost for this integration, which can be amortised over time.
Expertise
There is more to this integration process than the one-time cost. Integrating existing systems and platforms into an IDAM solution requires a specific level of expertise that covers a range of disciplines.
Having expertise in the IDAM solution itself is the most critical factor. In Core’s case, our IDAM experts have over 40 years' collective identity and access solutions experience, which they brought with them when it came to designing Aurora. Our IDAM architects used the lessons they learned from delivering other industry-leading IDAM solutions to develop a single platform that solved common deployment of user challenges.
By its nature, Identity and Access Management sits at the centre of your IT infrastructure and connects to every live service that you operate. At a minimum, your chosen provider should have detailed experience of deploying the solution and all of the platforms it connects to.
Having an expert using their deep understanding and experience of IDAM technologies to take a safe and consistent approach to deploying this technology in your critical line of business applications is worth every penny you spend, as a misstep there can cause a lot of knock-on operational issues that will cost your staff non-productive time.
Deploying even an off-the-shelf Identity and Access Management software product requires more than just general IT skills and capability. These skills generally only exist within 3rd party specialists; the traditional SI and IT services community may have an understanding of the technologies involved, but if they have never deployed IDAM solutions they will be completely unprepared for the nuances and challenges of getting every platform working correctly and to the best of its ability.
If they plan on integrating a range of existing products into a central identity platform (which is what Core did with Aurora 5 years ago), they will have to learn and adapt to the operational and process challenges that all of these integrations will throw up before even attempting to then connect this combined solution into a customer’s environment.
Process
Part of the expertise that a true IDAM specialist will bring to any new deployment, and the ongoing lifecycle management of your IDAM platform, will be the understanding of processes.
Processes are a critical element to IDAM in a number of ways.
Firstly, your IDAM solution should be designed to support and augment your existing processes rather than rewrite or redesign them. It’s much easier to change how a system-based process works than it is to change how a business runs and operates a process that has developed over a number of years.
One of the principles of a good IDAM deployment is making sure that the solution follows your existing business process, automating simple repeat processes to reduce labour and resource use where it’s not needed, and enforcing standardised policy wherever it exists. The processes that your IDAM solution should follow are the processes of your business, not the other way around.
Core’s Aurora IDAM platform was designed specifically to make sure this was deliverable in 100% of cases and that is one of the key reasons why we have some of the customers on the platform that we do. The highly-configurable nature of Aurora enables us to match existing processes, even if they are complicated by outdated processes that exist to solve problems in a range of legacy systems.
The deployment process is also a critical factor in making sure that your IDAM platform supports your business requirements. IDAM is the gateway to all services, so making sure that it can continue to function in a BAU capacity while new services are being tested and on-boarded is a critical success factor.
Mitigation of risk
All points combined - making sure that you have a suitably experienced provider, with a proven solution that has a track record of successful deployments, in suitably complex environments to your own - is the only way you can mitigate the risk of an IDAM project.
Getting IDAM wrong has significant operational and security implications which can be catastrophic to a business' day-to-day activity and capability.
The other key reason to make sure that identity is managed by a specialist 3rd party is to avoid supplier tie-in.
Identity and Access Management is a long-term strategic solution because of its complexity and its position as the gateway and gatekeeper to your IT platforms. Making a change to your IDAM platform is a high-risk activity on its own. Coupling this with a contract for any other widely-deployed user-centric IT service places you in a position of massive dependency on that supplier.
This has two negative effects. Firstly, in the event that anything happens to your incumbent provider during the life of the contract you have a massive operational risk as you have more than one critical IT platform that will require rapid replacement. Core mitigates this risk for our customers by placing each Aurora system in Azure, so that in the event of anything happening to Core’s business, a customer can assume control of the platform and keep it running until a suitable alternative can be sourced.
The second major element of risk is supplier lock-in. If you are buying two critical interconnected services from a single supplier, such as identity and client devices, the risk of change and cost of change at a contract renewal point becomes so large you may not be able to justify moving away from that provider. This places your organisation in a weak negotiating position and opens the door to significant price increases by your incumbent supplier at renewal point.
Many new entrants to the Identity and Access Management marketplace are predominantly there because they know that this makes them much more likely to be a longer-term feature in the customer's supply chain, due to the risk and cost of change factors; even if they deliver a less than sterling service.
There is a better way
Don’t make these mistakes in your organisation:
- Look to work with an IDAM partner who specialises in IDAM and has existing partnerships with their key technology partners.
- Work with an IDAM partner who has a solution that delivers true value to your business through adding features to your existing processes, rather than re-writing them and expecting the organisation to change.
- Only look at partners who have a demonstrable track record of delivering working solutions for IDAM in organisations that are as complex or more complex than your own. The expertise required to work diligently and effectively in your environment will be extremely finite.
- Don’t be the test case for a new technology when buying IDAM solutions. If a supplier is building you a bespoke solution leveraging a range of products that they haven’t combined before, the risk factor to you as a user is huge.
- Remember that Identity and Access Management is the gateway and gatekeeper to your platforms and systems. If IDAM is not working, your people can’t work.
- Be wary of suppliers' attempts to tie you into a long-term association by putting all of your eggs in one basket.
- Try not to combine suppliers for IDAM with other end-user technologies, as you will significantly multiply your cost and risk of change at renewal time.
If you would like any further information on Identity and Access Management, details of how Core can help your organisation, or a quick overview of what we have done to support customers in your industry, please get in touch with the Core team here.