Thursday, December 6

Gartner IAM Notes

In case you missed all the live tweeting by me and others, here are some notes from this week's Gartner IAM Summit:
  • There seemed to be a common theme that the primary driver for IAM projects has shifted from operational (early) to compliance (recent) to business enablement (now).
  • Communication to the business stakeholders is key. (not new, but as important as ever)
  • IAM and IAG seem to be converging.


(from Chris Howard’s keynote)

  • The CIO’s business goals are to increase business growth, attract new customers, and reduce cost.
  • The CIO’s IT goals are to deliver solutions, manage infrastructure, reduce cost of IT, and expand analytics.


(from Jeff Wheatman’s session on DG)

  • Despite increasing requirements, less than 10% of orgs will get above maturity level 1 by 2015.
  • Solutions that help identify ownership and accountability are very immature.

Customers will look at solutions that can:

  • 3. Prevent situations (most difficult & expensive)
  • 2. Alert & Notify upon high-risk situation
  • 1. Document & Accept risk (which is OK for many – least costly)

Unstructured data remains a very big problem.

(from Lori Rowland’s session on Selling IAM with Perry Carpenter and Tom Scholtz)

ROI is impossible to demonstrate. Business cases are based on:

  • Efficiency: Any perceived time savings
  • Effectiveness: Improved audit, tracking, regulatory
  • Enablement: enhance business opps, reduce friction, integrate networks, etc.

You must continuously show value to the business by communicating success and building credibility with regular, honest feedback. You can do this by stating goals clearly up front and tracking toward them. One great example was to send a survey to stakeholders on where their pain lies. Measure their pain (1-10). Track progress on pain level improvements to show progress and success.

Roughly 45% of attendees reported that IAM was sponsored by CIO and 45% by CISO. Two things everyone has in common as drivers: Time & Money.

3 comments:

Dave Kearns said...

Yeah! I was begin to think blogging conferences was as dead as SAML...

Richard Blackham said...

So not much has changed really in the past 5 years except that Gartner has absorbed some of the experts through their acquisition of Burton Group and they are all still singing from the same old song sheet. Clearly tere's not much thought leadership going on there. For me it would bring into question the value of having an analyst on board as companies move through the IAM process to deployment.

There is way too much stating the obvious going on but specifically on ROI, not only do the analysts keep putting their heads in the sand over a commitment on ROI, but they keep raising it like someone is going to come along and answer their prayers with a 'How To' guide to calculating ROI. I used to think it was an important factor in evaluating the commitment to an IAM project but my views have changed. The value for the CIO is in the enhanced protection, the peace of mind, the automation to stop human error, and the drop in FTE headcount.

After twenty years of directory services, identity and access management projects and enterprise mail deployments I can quite honestly say I am working on the most exciting and stimulating project to date. No analyst has even considered a case study for an enterprise migration to Google yet and frankly I hope they stay out of it until we have completed the mammoth task of moving this enterprise, in a highly regulated industry, from Exchange to Google mail and docs. The IAM processes for users and their use cases in 160 countries are fascinating, entirely different, and light years away from analyst conference counseling today. Let it mature before barging the door, and then take a fresh look on ROI. You'll be amazed.

Matt Flynn said...

Interesting perspective Richard. I think what Gartner does well is help vendors understand what their customers are struggling with and to help customers understand what's being offered by the vendor community. Being on the vendor side, I always felt it was up to us collectively to be the innovators. I also witnessed that customers are struggling with ROI and that some of Gartner's techniques were helpful.

Sounds like there will be numerous lessons learned on your project. I'd love to hear more when you're ready. The message I've heard thus far about moves like that is one of caution.