Identity and access management (IAM) engineers are in high demand. We often hear from customers that the one key person who knew about their IAM solution and needs has moved on to another position leaving the current staff with a gap in knowledge and expertise. This causes stress and extra time spent becoming familiar with what’s in place, gaining the knowledge to understand the details, and identifying key needs. Worst of all, they are left with an empty role--there is no one to fulfill those needs and get (or keep) the IAM environment up and running as expected.
If you are in a situation like this, a complete IAM assessment can help to fill the knowledge gap and position you to better withstand the comings and goings of key personnel in the future.
What to Look for in an IAM Assessment
To be truly useful, an IAM assessment needs a few important components. The starting point should be discussions and interviews with key area stakeholders within your institution or organization. These can often bring up forgotten needs that have been pushed to the side in favor of other priorities. Hearing the different points of view and requirements throughout your organization helps clarify both your current and long-term priorities.
An effective assessment also includes a review of your existing documentation and infrastructure. This will provide information about whether you are well-positioned to withstand staffing changes and how your IAM solution stacks up against current best practices and policies. Combined with the discussions and interviews, the documentation and infrastructure review creates a complete current state picture.
The deliverable for an effective IAM assessment begins with a clear statement of your goals, objectives and business needs. An effective assessment also includes a comprehensive summary of the current state of your IAM solution and how this aligns with your goals. It presents a proposal for addressing your immediate infrastructure and documentation needs and a roadmap that can guide your decision making for the future. The roadmap should include a statement of issues, gaps, and potential roadblocks as well as specific recommendations related to tactical and strategic next steps.
Why Do an IAM Assessment?
A complete IAM assessment provides an accurate and comprehensive view of the state of your IAM solution. It allows you to make knowledgeable choices based on all of your needs and priorities, and to manage your current system and enhancements in a more efficient and cost-effective manner. It ensures that you are aligned with best practices and industry standards for security and usability both now and in the future. Finally, it provides an understanding of the current state of your system and your future roadmap that is independent of key personnel.
It can be frustrating when a key IAM person moves on and leaves behind uncertainty and knowledge gaps--especially in a functional area that is so critical to the success of an organization. A comprehensive and well-crafted IAM assessment can protect you from the consequences of staff transitions and ensure that you will be able to make the right choices to move your IAM system forward in the future.