Build the Case for an Identity and Access Management Program

How a formal program management approach can help IAM and IT leaders accelerate adoption of IAM capabilities.

No longer limited to security functions, identity and access management (IAM) has expanded its influence into new domains that include supply chain, consumer IAM (CIAM) and the Internet of Things (IoT). It’s no surprise then to see IAM emerging as a leading business accelerator, particularly as organizations embark on digital transformations.

Despite IAM’s growing influence, many IAM and IT leaders still struggle to position it as a strategic business priority and secure adequate resources and investment to fulfill their initiatives.

Formal IAM programs are becoming a necessity

According to Kevin Kampman, research director at Gartner, a large number of IAM programs are at early stages of adoption. Communications and recognition remain informal, leading to inconsistent adoption and employment of IAM capabilities.

“IAM is inherently complex and requires the discipline that only a program management approach can provide,” says Kampman. “As organizational IAM needs are expanding and diversifying, formal IAM programs are becoming a necessity.”

To justify and support the development of a formal IAM program, IAM leaders are asserting themselves into digital transformation initiatives, such as CIAM and IoT. They also need to work closely with key stakeholders and executive management to relate the benefits of the IAM program directly to business outcomes.

Gartner Identity & Access Management Summit 2018
Transform operations into opportunity
Attend

Here are three steps that will help IAM and IT leaders build a case for their IAM program.

  1. Enlist an executive sponsor
    Few IAM leaders currently have the social capital or organizational recognition necessary to be an effective advocate for IAM and business alignment. To remedy this, identify a champion to promote and communicate the benefits of the IAM program. A successful IAM program begins at the top, so identifying the right business advocate to promote and sustain stakeholder interest in IAM is key to the success of the program. Good candidates include the CEO, company secretary or chief legal counsel.
  2. Collaborate to innovate
    Collaboration with and interaction between the digital principals — marketers, architects, designers and developers — will expose the IAM team to new perspectives and mutually beneficial opportunities. By aligning with the digital business strategy, highlighting the impact of innovation and the shift away from operational thinking, IAM or IT leaders will be able to make a case for IAM staff to take on new responsibility and commitments.
  3. Implement independent governance
    Governance provides a program with the responsibility and the authority to manage its constituent activities, and holds it accountable for the results. While it’s important to determine how governance is approached in the wider organization, recognizing IAM as an independent IT governance discipline will ensure clear accountability and decision rights for IAM in the organization.

Gartner clients can read more in "Why You Need an IAM Program" by Kevin Kampman et al.

Get Smarter

Gartner Security & Risk Management Summits

Attend a global Gartner Security & Risk Management Summits.

Explore Gartner Events

How to Evaluate Cloud Service Provider Security

Security and risk management leaders continue to experience challenges to efficiently and reliably determine whether cloud service providers...

Read Free Research

Managing the Security Risks of IoT Innovation

While IoT provides a revolutionary approach to technology innovation for digital business, with great change comes great responsibility....

Start Watching