Identity and Access Management Need Different Approach: Gartner

Most organizations are approaching identity and access management (IAM) in the wrong way by working with production requirements first, at least according to Gartner.

“Between half and two-thirds of organizations attempting to establish a truly-effective IAM program approach it in the wrong way,” said Earl Perkins, research vice president at Gartner (News - Alert).

According to Perkins, IAM process requirements should always precede organization and technology decisions. But currently, most IAM planning is done around clusters of technologies, rather than by addressing specific IT or business processes.

The “build experience” of IAM projects has not been a good one. While technologies are evolving, efforts to build an IAM system overlook a key lesson.

For many organizations, planning for IAM starts from the wrong direction with the wrong people, according to a Gartner report called “A Process View of Identity and Access Management Is Essential.”

IAM started as a “fix the plumbing” concern. With the emergence of risk, compliance, accountability and transparency, this has changed. The basis for good IAM involves an active role by the organization, as only they can say what and how accountability and transparency of access should work for them.

In organizations where accountability and transparency are required and must be formalized, there should be a focused and structured approach for all parties affected, and not just IT, to ensure the success of IAM.

IAM should not be planned or implemented with operations in mind. IAM should be based on the foundations of the organization relative to policies, processes and people.

Products are a relatively small focus of the decision process in an IAM program.

Gartner is suggesting organizations to look at IAM as a process. If IAM is considered as a process, it has several advantages. It removes the product-centric pattern the market has placed on IAM. It also contributes in a significant way to how enterprise, and security, architecture is enriched with the addition of IAM-specific architecture.

Earlier in 2007, Reportlinker released a report that predicted that identity and access management services industry will grow at a CAGR of 7.28 percent over the period 2007 to 2011. According to the research agency, use of identity and access management services will curtail the administrative time up to 50 percent.