As I’ve mentioned previously, a major obstacle to IdM project implementation is fragmented ownership. Consider:
- HR owns the “Identity Data”
- IT owns the technology infrastructure, email and PBX systems
- Legal is responsible for compliance
- Corporate Security owns the Access Systems and assists with compliance
This fragmented ownership makes it quite difficult to determine who owns, funds and administers the IdM project. So ultimately the following things need to happen:
1. Identify an executive owner. Since there’s probably no CIdO in the organization, someone at the C-level needs to own the project. This person will be the champion of the project at senior levels of management, who will fight for budget and acceptance of the system, and control the ultimate destiny of the project. Without this person there can be no clear vision or representation of the project and it will most likely be doomed to failure.
2. Begin the project plan. Typically this will require:
   a. Identifying repositories to be used.
   b. Designating an authoritative repository; begin reconciling data into the repository and applying cleansing rules. Synchronization tools such as MaXware’s synchronization technology found in DSE and MIC are perfect for this.
   c. If desired, replicate applicable data to the repositories mentioned in (2a). This ensures that no matter where users look in the enterprise infrastructure, they will see clean, authoritative data.
   d. Outline and implement provisioning workflows for the repositories in (2a).
   e. Outline and implement password management, self service, administrative and other workflows as dictated by your IdM processes and software.
   f. Develop compliance and metrics reporting processes.
   g. Review processes and compliance checks on a scheduled basis.
This is not meant to be a comprehensive outline, but rather the beginnings of the implementation plan. This is a basic flow that will need to be expanded on as dictated by your organization’s goals, IdM software, compliance needs and infrastructure. Many organizations will find themselves caught for a while in creating a cleansed and valid authoritative store. The important thing is that, as the project is designed, there are separate, distinct phases and that the executive sponsor is kept aware of progress and milestones reached. Hopefully when IdM products and consultants are chosen by the organization, they will come equipped with the ability to make a detailed project plan.
Since there is no designated person or department that currently owns the Identity Process, I believe that understanding the underlying process of implementing your identity management project is essential and will make the difference in achieving the objective.