- There seemed to be a common theme that the primary driver for IAM projects has shifted from operational (early) to compliance (recent) to business enablement (now).
- Communication to the business stakeholders is key. (not new, but as important as ever)
- IAM and IAG seem to be converging.
(from Chris Howard’s keynote)
- The CIO’s business goals are to increase business growth, attract new customers, and reduce cost.
- The CIO’s IT goals are to deliver solutions, manage infrastructure, reduce cost of IT, and expand analytics.
(from Jeff Wheatman’s session on DG)
- Despite increasing requirements, less than 10% of orgs will get above maturity level 1 by 2015.
- Solutions that help identify ownership and accountability are very immature.
Customers will look at solutions that can:
- 3. Prevent situations (most difficult & expensive)
- 2. Alert & Notify upon high-risk situation
- 1. Document & Accept risk (which is OK for many – least costly)
Unstructured data remains a very big problem.
(from Lori Rowland’s session on Selling IAM with Perry Carpenter and Tom Scholtz)
ROI is impossible to demonstrate. Business cases are based on:
- Efficiency: Any perceived time savings
- Effectiveness: Improved audit, tracking, regulatory
- Enablement: enhance business opps, reduce friction, integrate networks, etc.
You must continuously show value to the business by communicating success and building credibility with regular, honest feedback. You can do this by stating goals clearly up front and tracking toward them. One great example was to send a survey to stakeholders on where their pain lies. Measure their pain (1-10). Track progress on pain level improvements to show progress and success.
Roughly 45% of attendees reported that IAM was sponsored by CIO and 45% by CISO. Two things everyone has in common as drivers: Time & Money.