Gartner Blog Network

IGA Appears to Be Making Progress Toward Business Enablement

by Brian Iverson  |  March 19, 2015  |  Submit a Comment

I facilitated an analyst-user roundtable during the just-completed European Gartner IAM Summit in London on the topic of “Selling IAM to the Business”. Analyst-user roundtables are great opportunities for conference delegates who are interested in a specific subject to network amid discussion. Since the topic is one about which I am passionate, I couldn’t help being too much like an analyst in this discussion — so I ended up talking more than I should have. For that, I offer my apologies to the participants in an otherwise compelling discussion.

Some participants focused initially on how their IAM programs are attempting to demonstrate value based on automation. This prompted some participants to say that they also saw value in IAM contributions to compliance and ultimately security and risk management. At that point I felt that I had to talk about a slide on IAM drivers and benefits that shows up frequently in our IAM presentations.

IAM Drivers and Benefits

The increasing value of IAM in terms of drivers and benefits is depicted as a move from left to right, from security efficiency toward business enablement.

This led to an extended discussion of various ways that IAM can contribute direct business value to organizations. I shared some examples of how organizations have been able to derive direct business value from their IAM programs and how aligning IAM program objectives with an organization’s strategic priorities can help to increase the power of IAM business cases. I referenced a couple research notes that were published in 2014 on how to approach such alignment: “Build an Effective Business Case for IAM” (subscription required) and “Market Your IAM Program for Sustained Investment” (subscription required).

This got me thinking about how IGA products have evolved over the years toward providing greater value. At first, provisioning products (one type of predecessor to IGA) focused almost exclusively on automation. Identity and access governance (IAG) products (another predecessor to IGA) entered the scene when regulatory compliance became more of an imperative — and after provisioning products were found to be lacking in that regard. I have made the argument that when provisioning and IAG functionality were merged into unified IGA products, security became the true destiny of IGA.

I’m not suggesting here that IGA is not capable of supporting business enablement through delivery of direct business value. Some business cases have successfully demonstrated how deploying IGA products can indeed accomplish this. However, business enablement with IGA is more like the icing on the cake in a business case rather than the main driver for investing in the technology.

Can we expect another transformation of IGA to the point where it can be assumed to deliver direct business value? I don’t believe such a shift is inevitable, but I can’t rule out the possibility. This will certainly be a thread of inquiry in my speculation on the future of IGA.

Category: compliance  iam-program  iga  research  security  trends-predictions  

Tags: automation  business-case  business-enablement  direct-business-value  

Brian Iverson
Research Director
1 year at Gartner
23 years IT Industry

Brian Iverson is a Research Director in IT Leader Systems, Security and Risk at Gartner. His main coverage area is identity and access management (IAM), which encompasses a broad range of technologies and processes, including user administration/provisioning, access governance, Web access management and federation, directory services and virtual directories, and privileged access management. Read Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.