Can you share any tips or lessons learned from your IAM implementation? What would you do differently, if anything?

CISO in Energy and Utilities, a month ago

IAM will not solve your problem if your access management process is not working appropriately. So your first task is to do a preparation phase to an IAM/IDM implementation to assess your business processes, your HR and access management processes, and the tools you are planning to involve under the IAM/IDM. These projects can easily fail if the preparation part is missing.

Director of IT in Manufacturing, a year ago

It's a tricky implementation and sometimes could be long-running as well.

1) Pay attention to your current IAM landscape, as it's easier to implement something greenfield rather than introduce new IAM systems in an existing setup
2) If you are using some integrators, depending on your IAM scope, make sure you have the right expert resources from the integrator, as they can screw up big time as it's a very specialized field
3) Integrator contracts to be carefully done with penalty clauses for schedule overruns or poor quality
4) Create your test cases carefully, as many unforeseen situations can happen in IAM implementations
5) Pay attention to end user experience, and sometimes it's a trade-off between security and user experience
6) Engage your security architects and infra architects from the beginning. Also involve enterprise architects or solution architects, as some use cases are better known to them
7) Plan a step-by-step implementation and start with pilot rollouts instead of a full big bang deployment

rgds/sanjay

CISO, a year ago

IAM is arguably one of the most complex and impactful programs in the security stack. Ensure all participating and affected parties are engaged from the program's inception. Get buy-in from management and key stakeholders from each business unit that will be affected. Start conversations with IT, business, and users during the design and architecture phase.
Emphasize the importance of user experience in IAM implementation. The more time users have to adapt, the more successful the program will be. For instance, while 'phish-resistant MFA' may be the ultimate goal, for a user unfamiliar with MFA, it can be overwhelming. Starting with a less impactful option can be a good initial step.
Any IAM effort, no matter how small, is a project. At least IT and security resources are needed for success. Ensure alignment and allocation of resources. Don't treat it as BAU.
