How do you balance user experience with the need to maintain an effective IAM program? Can you share any tips for navigating those trade-offs?

Technical Advisor, 10 months ago

In my view, IAM should absolutely be about improving the user experience alongside the risk reduction and improved compliance that it can deliver. As you said in your comment, a well-implemented IAM platform should make a user more empowered and more productive. They should be able to obtain access to resources they need (subject to the right approvals) through access requests via self-service. They should be able to self-serve simple tasks like password reset. They should have a streamlined login experience through SSO. They will have fewer credentials to remember (typically).

Whenever I talk about IAM solutions, user experience is always one of the top benefits.

Co-Founder & CISO in Finance (non-banking), 10 months ago

I have actually got buy-in for IAM programs BECAUSE they can increase user experience. For example, SSO and Password Managers. The programs need to be sold as allowing users to do more things securely rather than taking away their access!

Chief Information Security Officer (CISO) VP Information Security in Manufacturing, 10 months ago

For the most part, a more mature IAM program tends to bring a positive impact to user experience.

Implementation of a single streamlined authentication platform, implementation of SSO and adaptive MFA should more and more reduce the friction of the user with the authentication process and be less and less reliant on frequent password authentication.

Add to that, IGA adds automation and a more timely, accurate and user-positive experience through role-based authorization and permission provisioning.

It is important to ensure the value the IAM program brings is advertised to your organization to demonstrate the value to user experience.

All this plus the huge risk reduction you gain as you grow the program.

One area I see the most struggle with is wrangling up those privileged users (admin and developer accounts) who are often used to an uncontrolled and unfettered level of privileged access. Bringing a PAM solution tends to cause a change in how they do their work, which they often perceive as disruptive. This tends to soften up and get more acceptance as they get used to the alternate way of doing work and they realize it is that disruptive.

All in all, there are many more positives to a well-designed and deployed IAM program.

Hope this helps provide at least my view on this topic.

Happy to chat more if you’d like.

Best of luck.
