Build the Case for an Identity and Access Management Program

How a formal program management approach can help IAM and IT leaders accelerate adoption of IAM capabilities.

No longer limited to security functions, identity and access management (IAM) has expanded its influence into new domains that include supply chain, consumer IAM (CIAM) and the Internet of Things (IoT). It’s no surprise then to see IAM emerging as a leading business accelerator, particularly as organizations embark on digital transformations.

Despite IAM’s growing influence, many IAM and IT leaders still struggle to position it as a strategic business priority and secure adequate resources and investment to fulfill their initiatives.

Formal IAM programs are becoming a necessity

According to Kevin Kampman, research director at Gartner, a large number of IAM programs are at early stages of adoption. Communications and recognition remain informal, leading to inconsistent adoption and employment of IAM capabilities.

“IAM is inherently complex and requires the discipline that only a program management approach can provide,” says Kampman. “As organizational IAM needs are expanding and diversifying, formal IAM programs are becoming a necessity.”

To justify and support the development of a formal IAM program, IAM leaders are asserting themselves into digital transformation initiatives, such as CIAM and IoT. They also need to work closely with key stakeholders and executive management to relate the benefits of the IAM program directly to business outcomes.

Build resilience in a world of escalating risk

Learn how at Gartner Identity & Access Management Summit 2019


Here are three steps that will help IAM and IT leaders build a case for their IAM program.

  1. Enlist an executive sponsor
    Few IAM leaders currently have the social capital or organizational recognition necessary to be an effective advocate for IAM and business alignment. To remedy this, identify a champion to promote and communicate the benefits of the IAM program. A successful IAM program begins at the top, so identifying the right business advocate to promote and sustain stakeholder interest in IAM is key to the success of the program. Good candidates include the CEO, company secretary or chief legal counsel.
  2. Collaborate to innovate
    Collaboration with and interaction between the digital principals — marketers, architects, designers and developers — will expose the IAM team to new perspectives and mutually beneficial opportunities. By aligning with the digital business strategy, highlighting the impact of innovation and the shift away from operational thinking, IAM or IT leaders will be able to make a case for IAM staff to take on new responsibility and commitments.
  3. Implement independent governance
    Governance provides a program with the responsibility and the authority to manage its constituent activities, and holds it accountable for the results. While it’s important to determine how governance is approached in the wider organization, recognizing IAM as an independent IT governance discipline will ensure clear accountability and decision rights for IAM in the organization.

Gartner clients can read more in "Why You Need an IAM Program" by Kevin Kampman et al.

Get Smarter

Gartner Security & Risk Management Summits

The latest insights on IT trends, evolving security tech and the ever-changing threat landscape.

Explore Gartner Conferences

Shift From Managing Risk and Security to Enabling Value Creation: SRM Leaders’ New Imperative

The moment has arrived for security and risk management leaders to act decisively to safeguard and support business objectives.

Read Free Gartner Research


Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching