| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Jun | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
- All things IAM (1)
Too much focus on technology?
20/06/2011 by John Mc.
Why is it that many people see technology as the panacea for IAM, rather than understanding how business works and delivering to that?
I have been reading through many comments about how to address identity and access management and I am struck by the number of people who suggest one technology vendor over another, without any reference as to why it made a difference to their organisation.
We know different products have their merits and limitations. We know that organisations need policies and procedures, monitoring and compliance.
What I think many approaches to IAM overlook is the overarching business rationale for why technology is deployed and policies and procedures written and enacted. I am concerned that there are tenuous links between technology and policy, as well as between business operations and the policies and technologies implemented. All of which I describe as the IAM ‘Blind Spot’.
IAM architectures are superficially simple but scrape away the first layer and the complexity starts to reveal itself. Much of the complexity is driven out of how the organisation actually works, so if the business processes are ill-defined or non-existent, the IAM system use cases are going to be nothing more than vanilla templates. How do you get a valuable solution from that?
I think the answer to my original question is that many organisations see IAM as a technology problem. I don’t. I see IAM is a business problem that is solved by the skilful application of technology.
Posted in All things IAM | No Comments »