"The unexamined life is not worth living"
"The unexamined Identity Management solution is not worth the investment"
While not quite as eloquent as the original, my point is that we should apply Socrates' theory to business and IT strategy just as we apply it to the way we live our lives. I gave a nod to a blog post a while back that described Identity Management as a lifestyle. Yesterday, in an article entitled CIO Jury: Businesses face ID management headache, the CIO Jury reminds us that identity management is a lifestyle. You can't set it and forget it like Ron Popeil. You need to make a plan, start to build, re-evaluate, launch some functionality, re-evaluate, build some more, alter the plan, evaluate what's coming next, etc.. There are certainly technology components that will run on their own without constant maintenance, but they live at a very tactical level. At the strategic level, it's important to continually re-think the plan. The business climate as well as the technology landscape are both dynamic in nature. Change is constant. Keep this in mind during planning and be prepared to switch gears if needed.
In a recent MaXware webinar, a customer described the process of backing out of a big investment in IdM and starting again with an entirely new product set. The webinar will be available on the MaXware site and it's definitely worth the viewing time. One important take-away for me was that you can forfeit a major investment that's not working, completely shift gears and come out successful. It takes some guts and some ingenuity, but it can pay off. The webinar presented an excellent example of the value of constant re-evaluation.
Another point I want to make is that while planning an Identity services architecture, it's vital to build an environment that is flexible and adaptable. Take a look at Identicentric's idBUS product. They've got the right idea. Build a flexible service-oriented middleware layer that enables you to quickly adapt the front end apps or the back end infrastructure to the ever-changing business requirements. I've also talked in the past about Virtual Directory as a data abstraction layer providing similar capability but at a data access level rather than an application access level. Think about these approaches and how else you might enable your Identity Services infrastructure to adapt quickly to changing requirements.
And rethink your Identity Management strategy. It's always a good time for that.