Buried identity management treasures: The roots keep poking up

Last week I had the opportunity to conduct an identity management workshop with a large educational institution. 20 people attended, evenly distributed between IT and business operations, with some large constituencies notably absent. Let’s call them employees and customers. For as long as I’ve been doing identity management, this distribution is fairly typical. Identity management is seen a technical endeavor, after all (not!).

The vendor and the future role of the enterprise directory provided the impetus for the workshop. The directory is the core repository for authentication and identity information, and is the coordination point for provisioning events. This is a common scenario in many organizations, and is particularly challenging where the information integration tools and processes have been developed in-house. Years of policies and procedures are embedded in the directory and its surrounding applications.

The embedded nature of identity management doesn’t stop with the directory, however. One of the goals of the workshop was to identify where the institution could make improvements to its current provisioning situation. Many of the participants had never been in the same room together, let alone examine barriers and roadblocks in their provisioning processes. The participants are so used to living with their identity problems that they become blind to possibilities. The workshop changed all that.

It was revealing to hear about interdependencies between different systems, and how the lack of a common attribute could initiate a “deadly embrace” in the provisioning process. Days and perhaps weeks could be cut out of the provisioning timeline by rethinking these inter- and intra-system processes and dependencies, without spending anything on new technology. In some cases, the problem is right before our eyes.

What often holds organizations back is a lack of communication, coordination, recognition and empowerment. The key to exposing opportunities is the encouragement of healthy skepticism, personal interactions and the desire to make things better. It’s not enough to say that identity governance or a new and improved directory is the answer. By themselves, they may just color in the grey areas. What is most important, and beneficial, is the organizational imperative to expose challenges for what they are, and to remove embedded and obvious barriers to efficiency and effectiveness. The lower price tag and immediate improvements indicate the benefits an ongoing identity management program can accomplish. Under the right circumstances, the grey actually looks good.