As a market discipline, Identity and Access Management (IAM) has matured over the past several years. As vendors have entered the market with more modern offerings, organizations have been able to successfully shift the focus of IAM away from being solely an IT tool to being a system that can deliver concrete business value.
Taking a quick step back, provisioning tools (what we historically called “identity management”) were built to help IT automate IT activities – provisioning or de-provisioning user accounts or resetting user passwords. They achieved only modest success, largely because they required a great deal of custom coding to deploy and as a result, were typically only connected to a small number of applications. Even today, we see a large number of enterprises with provisioning systems deployed but only used for a handful of applications.
Modern IAM solutions are different – not only can they help automate IT activities but – more importantly – they deliver business value. They do so by helping the line-of-business become involved in making access decisions by making these choices simple for the line-of-business to make and by automating IT activities behind the scenes.
They key to all of this is collecting and unifying identity context about people – collating all the accounts, entitlements, and attributes of users – into a cohesive whole. Once this is in place, it’s straightforward to then create efficient business processes for lifecycle activities – like onboarding new users (Joiners), de-provisioning departing users (Leavers), or handling changes in roles or job functions (Movers). And while managing these identity lifecycle activities, the system can ensure that policies and processes are enforced to ensure compliance with internal and external security guidelines.
Imagine that hiring managers can request access for new employees and have it correctly provisioned within 48 hours. Imagine that new users automatically get all their appropriate system access based on their job role. Imagine that all users remain in compliance with security and regulatory policies since the system continually enforces access policies and prevents users from obtaining inappropriate access. These are the kinds of benefits that organizations can obtain today.
Interested in learning more? Take a look at our IAM Buyer’s Guide and our interactive recommendation tool for more information about how to evaluate and get started with an IAM system that can deliver business value.