When people first start talking about the need for Identity and Access Management, it usually stems from some pain they're hearing from their users.
- "Why can't I use my corporate login to access all of my systems?"
- "Why do I have to keep logging in over and over to get access to my applications?"
- "Why do I need to remember another username and password to use your service?"
These are all excellent questions that highlight the benefits your users can quickly gain by adopting any one of the many identity platforms. But if adding some convenience to the consumers of your services is the biggest win you hope to realize, you've barely scratched the surface.
Instead of focusing merely on the questions of your users, ask yourself a few questions.
- "Do I know all of the secured applications my company uses?"
- "Do I know who has access to each system?"
- "Do I know what sensitive information the users can access in each of the systems?"
- "How quickly can we ramp up security for a new application? How quickly can a user gain access?"
Identity and Access Management is not a convenience play. Sure, it'll thrill your users to reduce the number of passwords they need to remember. It will delight your operations team that password resets, account unlocks, and even account registrations can now be done through self-service portals.
But in the end, the reason you invest in IAM is far more strategic. IAM is an opportunity to build governance, assurance, and performance into your access control program.
- Governance: Take control of who can access information, and build tools to create and enforce access policies with ease.
- Assurance: Be certain that people don't have more access than they need, keep access after they've moved out of a role, and ensure your sensitive information remains safe.
- Performance: Expedite the speed of delivery by leveraging a strong, convention-based IAM program that takes the guesswork out of how to implement all layers of identity and access.