IAM is a critical part of an enterprise security posture, so the implementation of the enterprise IAM platform needs to be meticulously planned and executed. IAM implementation projects are complex and vary significantly between organisations, often mirroring the complexity of the organisation and its processes.
While every IAM implementation project needs some tailoring to reflect an organisation’s needs and goals, there is a common set of tasks that applies to most projects. Identity Centric provides ready-to-use project templates covering a comprehensive set of project activities and risks, giving project owners about to kick off an IAM project a head start.
In this series we cover all aspects of a project plan for a successful IAM implementation.
This is the phase where an enterprise usually identifies the need for an IAM solution. An IAM team might not be in place at this stage, as the initiative is usually driven by Audit, Risk Management or IT Leadership teams. The need for an IAM solution could be driven by:
• Audit or Compliance findings or requirements
• Risk Analysis
• Business Process Improvement or Transformation with an aim to reduce the cost and time for onboarding and offboarding users
This is one of the most important phases of an IAM programme. The overall success or failure of the programme can often be traced back to whether a detailed plan was produced that considers the different aspects of the enterprise’s IAM needs, identifies the stakeholders, defines a budget and resource requirements, and records the key risks.
• Project Kick-Off
• Define Project Goals
• Identify Stakeholders
• Define Resource Requirements
• Identify Applications in Scope
• Define a Risk Register
• Define key dates
This phase is to understand and define the key requirements, including mapping existing processes and identifying the key non-functional requirements around performance, HA/DR and security architecture.
• Setup stakeholder interviews
• Define the as-is process (automated or manual) for Joiners, Movers, Leavers and Re-joiners
• Define Infrastructure Requirements
• Identify Security Architecture Requirements
• Define HA/DR Requirements
• Define Testing Requirements
• Training and Communication Requirements
• Define Operational Process Requirements
The key design decisions are made during this phase. High Level Architecture and Design documents are created and must be reviewed and approved by the key stakeholders. It is strongly recommended that beyond this stage the project shifts its focus to smaller, achievable milestones: for example, complete the low level design for the joiner process and implement it as a milestone before moving on to the mover process, followed by the leaver process.
• Define High Level Architecture Document
• Define Network Flow Document
• Define High Level Solution Design Document
• Setup review sessions with stakeholders
• Get stakeholder sign-off
• Define Low Level Design Document
• New Joiner/Mover/Leaver Processes
• HR Source Integration Design
• HR Source Attribute Mapping
• AD Integration Design
• AD Attribute Mapping
• Naming conventions for applications/tasks/rules/configuration
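The low level design items above (joiner/mover/leaver/re-joiner processes, HR source attribute mapping, AD attribute mapping and naming conventions) are where most of the logic of an identity implementation actually lives. The following is an added example, not code from Identity Centric or from any IAM product, showing how those design decisions translate into rules: it derives JML events by comparing two HR extracts, refuses to apply a run that would disable an implausible share of the population (a guard against a truncated HR feed), and maps an HR record to AD attributes under an assumed naming convention. The HR field names, the AD attribute choices, the convention and the sample records are all assumptions constructed for the example.

```python
"""Added example (not Identity Centric's code): derive joiner/mover/leaver/
re-joiner events from two HR extracts and map an HR record to AD attributes.
The HR field names, AD attribute names, naming convention and sample
records below are assumptions constructed for the example."""
import unicodedata

# Constructed sample HR extracts keyed by employee ID (assumed field names).
HR_YESTERDAY = {
    "E1001": {"first": "Alice", "last": "Smith", "dept": "Finance", "manager": "E0001", "status": "Active"},
    "E1002": {"first": "Bob", "last": "Jones", "dept": "IT", "manager": "E0002", "status": "Active"},
    "E1003": {"first": "Carol", "last": "White", "dept": "HR", "manager": "E0003", "status": "Terminated"},
    "E1005": {"first": "Dan", "last": "Brown", "dept": "Sales", "manager": "E0004", "status": "Active"},
}
HR_TODAY = {
    "E1001": {"first": "Alice", "last": "Smith", "dept": "Treasury", "manager": "E0001", "status": "Active"},
    "E1002": {"first": "Bob", "last": "Jones", "dept": "IT", "manager": "E0002", "status": "Terminated"},
    "E1003": {"first": "Carol", "last": "White", "dept": "HR", "manager": "E0003", "status": "Active"},
    "E1004": {"first": "Émile", "last": "Durand", "dept": "IT", "manager": "E0002", "status": "Active"},
}

# HR attributes whose change constitutes a "mover" event (assumed for the example).
MOVER_ATTRIBUTES = ("dept", "manager")


def classify(prev, curr):
    """Compare two HR snapshots and return sorted (employee_id, event) pairs."""
    events = []
    for emp_id, rec in curr.items():
        old = prev.get(emp_id)
        if old is None:
            if rec["status"] == "Active":
                events.append((emp_id, "joiner"))
            continue
        was_active, is_active = old["status"] == "Active", rec["status"] == "Active"
        if was_active and not is_active:
            events.append((emp_id, "leaver"))
        elif not was_active and is_active:
            events.append((emp_id, "rejoiner"))
        elif is_active and any(old[a] != rec[a] for a in MOVER_ATTRIBUTES):
            events.append((emp_id, "mover"))
    # A record that vanished from the feed is flagged, NOT treated as a leaver:
    # a truncated or failed extract would otherwise disable accounts en masse.
    for emp_id in prev.keys() - curr.keys():
        events.append((emp_id, "missing"))
    return sorted(events)


def safe_to_apply(events, population, max_leaver_ratio=0.10):
    """Circuit breaker: refuse an automated run that would disable too many accounts."""
    disabling = sum(1 for _, kind in events if kind in ("leaver", "missing"))
    return population > 0 and disabling / population <= max_leaver_ratio


def ascii_fold(text):
    """Strip accents so the logon name stays within the ASCII set expected for it."""
    return unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()


def build_sam(first, last, existing, max_len=20):
    """Assumed naming convention: first initial + surname, lowercase ASCII,
    letters and digits only, at most 20 characters (the pre-Windows 2000 logon
    name limit), numeric suffix on collision with an existing name."""
    base = "".join(ch for ch in ascii_fold(first[0] + last).lower() if ch.isalnum())
    candidate, n = base[:max_len], 2
    while candidate in existing:
        suffix = str(n)
        candidate = base[: max_len - len(suffix)] + suffix
        n += 1
    return candidate


def to_ad(emp_id, rec, existing_sams):
    """Map one HR record to the AD attributes the connector would write (assumed mapping)."""
    active = rec["status"] == "Active"
    return {
        "employeeID": emp_id,
        "sAMAccountName": build_sam(rec["first"], rec["last"], existing_sams),
        "givenName": rec["first"],
        "sn": rec["last"],
        "displayName": f'{rec["last"]}, {rec["first"]}',
        "department": rec["dept"],
        # userAccountControl: 512 = NORMAL_ACCOUNT, 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE
        "userAccountControl": 512 if active else 514,
    }


if __name__ == "__main__":
    events = classify(HR_YESTERDAY, HR_TODAY)
    for emp_id, kind in events:
        print(emp_id, kind)
    print("safe to apply:", safe_to_apply(events, population=len(HR_TODAY)))
    print(to_ad("E1004", HR_TODAY["E1004"], existing_sams={"edurand"}))
```

Two design choices are worth calling out. A record that disappears from the HR feed is reported as "missing" rather than as a leaver, and the run is blocked when leavers plus missing records exceed a share of the population, because an HR extract failure is a far more common cause of mass disablement than a genuine mass departure. The naming convention also folds accents and enforces the 20-character limit before checking for collisions, so the collision suffix is never lost to truncation.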
The implementation phase is kicked off once the design and architecture are in place, the key requirements are defined and the required infrastructure is available. For on-prem deployments this means the hardware or VM setup is complete; for SaaS deployments, any required on-premises collectors are in place. In both cases the necessary firewall ports have been opened. A milestone-based approach, with a small batch of deliverables in each release taken from development through to production, is highly recommended.
Milestone 1 - Platform Build (on-prem)
• Development Environment Build
• UAT Environment Build
• Production Environment Build
• Setup Build/Deployment Tools
• Setup Source Control Systems
• Setup/Integrate Monitoring Tools
• Setup Backup Configuration
• Setup HA/DR Environment
• Email configuration
Milestone 2 - Day 0 Onboarding (SaaS/On-prem)
• Configure HR Connector (Dev)
• Configure AD Application (Dev)
• Test and Schedule Import Jobs/Tasks
• AD Passthrough/SAML Login configuration
• Setup RBAC
• Verify HR and AD Attribute Mappings
• Migrate configuration to UAT and perform testing
• Migrate configuration to Production and perform testing
• Go-Live
One of the most critical elements of any identity implementation is ensuring that the day-to-day operations, also known as the Business As Usual (BAU) process, are planned and signed off by all stakeholders before the first phase of the project goes live.
• Onboarding Plan
• Review Task/Job Monitoring Reports
• Review daily reports for JML issues
• Review Access Request issues
• Schedule Access Reviews
• Review progress of ongoing Access Reviews
The nature of IAM systems requires integrations with a wide range of business applications, from modern SaaS applications that support current API standards to legacy systems with limited interfaces that are nevertheless critical to the business. These integrations are usually built using connectors provided by the IAM product. If not managed properly, a significant part of the IAM implementation and management effort can be consumed setting up these connectors, taking focus away from other critical aspects of the project.
A significant challenge for any enterprise implementation is push back and resistance from the users who will be using the new platform. Since IAM systems aim to automate existing onboarding and offboarding processes across a large number of business applications, the push back is often widespread and can add significant delay and risk to the IAM project.
IAM systems are used to define and manage access, permissions and roles. What starts as a simple exercise of mapping access and permissions to roles can quickly turn into an unmanageable sprawl of roles. All of these roles, and the access and permissions behind them, need to be managed through a well-defined lifecycle so that there is full visibility from the point a role is created, through recertification, to its retirement.
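Role sprawl is easier to see than to describe in the abstract. The block below is an added example, not Identity Centric code or the output of any IAM product, that runs the checks a role lifecycle review typically needs over a small role model: exact duplicates, roles fully contained in another role, near-duplicates that are merge candidates, roles with no members, and roles overdue for recertification. The role names, entitlement strings, memberships, certification dates and the review date are constructed for the example; the Jaccard threshold is an assumed tuning value.

```python
"""Added example (not Identity Centric's code): spot role sprawl in a
role-to-entitlement model. Role names, entitlements, memberships,
certification dates and the review date are constructed for the example."""
from datetime import date
from itertools import combinations

# Constructed role model: role -> set of entitlements (assumed "system:permission" naming).
ROLES = {
    "Finance-Analyst": {"erp:gl_read", "erp:ap_read", "fileshare:finance_ro", "erp:reports_view", "hr:timesheets"},
    "Finance-Analyst-Copy": {"erp:gl_read", "erp:ap_read", "fileshare:finance_ro", "erp:reports_view", "hr:timesheets"},
    "Finance-Senior": {"erp:gl_read", "erp:ap_read", "erp:ap_post", "fileshare:finance_ro",
                       "fileshare:finance_rw", "erp:reports_view", "hr:timesheets"},
    "Finance-Temp": {"erp:gl_read", "erp:ap_read", "fileshare:finance_ro", "erp:reports_view", "bi:dashboard"},
    "IT-Helpdesk": {"ad:reset_password", "ticketing:agent"},
    "Legacy-Admin": {"ad:domain_admin"},
}
# Constructed membership and last-certification data per role.
MEMBERS = {
    "Finance-Analyst": {"E1001"}, "Finance-Analyst-Copy": {"E1006"}, "Finance-Senior": {"E1007"},
    "Finance-Temp": {"E1008"}, "IT-Helpdesk": {"E1002"}, "Legacy-Admin": set(),
}
LAST_CERTIFIED = {
    "Finance-Analyst": date(2024, 3, 1), "Finance-Analyst-Copy": date(2023, 9, 15),
    "Finance-Senior": date(2024, 1, 10), "Finance-Temp": date(2024, 4, 20),
    "IT-Helpdesk": date(2024, 2, 2), "Legacy-Admin": date(2022, 11, 5),
}
REVIEW_DATE = date(2024, 6, 1)  # constructed "today" for the example


def jaccard(a, b):
    """Overlap between two entitlement sets: |a & b| / |a | b|."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def duplicate_roles(roles):
    """Pairs of roles that grant exactly the same entitlements."""
    return [(a, b) for a, b in combinations(sorted(roles), 2) if roles[a] == roles[b]]


def subsumed_roles(roles):
    """(smaller, larger) pairs where the smaller role is a strict subset of the larger."""
    out = []
    for a, b in combinations(sorted(roles), 2):
        if roles[a] < roles[b]:
            out.append((a, b))
        elif roles[b] < roles[a]:
            out.append((b, a))
    return out


def near_duplicate_roles(roles, threshold=0.6):
    """Pairs that overlap heavily but are neither identical nor nested: merge candidates.
    Identical and nested pairs are excluded because they are reported separately."""
    out = []
    for a, b in combinations(sorted(roles), 2):
        x, y = roles[a], roles[b]
        if x == y or x < y or y < x:
            continue
        score = jaccard(x, y)
        if score >= threshold:
            out.append((a, b, round(score, 3)))
    return out


def unassigned_roles(members):
    """Roles nobody holds: retirement candidates (or a sign of a broken assignment rule)."""
    return sorted(role for role, holders in members.items() if not holders)


def overdue_recertification(last_certified, today, max_age_days=365):
    """Roles whose last certification is older than the allowed window."""
    return sorted(role for role, d in last_certified.items() if (today - d).days > max_age_days)


def sprawl_report(roles=ROLES, members=MEMBERS, certified=LAST_CERTIFIED, today=REVIEW_DATE):
    return {
        "duplicates": duplicate_roles(roles),
        "subsumed": subsumed_roles(roles),
        "near_duplicates": near_duplicate_roles(roles),
        "unassigned": unassigned_roles(members),
        "overdue": overdue_recertification(certified, today),
    }


if __name__ == "__main__":
    for finding, items in sprawl_report().items():
        print(f"{finding}: {items}")
```

In the sample data, "Finance-Analyst-Copy" is an exact duplicate, both analyst roles are contained in "Finance-Senior", "Finance-Temp" shares four of its five entitlements with them, and "Legacy-Admin" has no members and has not been certified in over a year. Each finding maps to a lifecycle action (merge, consolidate, retire, recertify), which is the point of running these checks on a schedule rather than only during the initial role design.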
IAM implementations can be complicated and time consuming, which translates into high implementation costs. Apart from procuring the required technologies, resource cost is a major factor that needs to be budgeted and planned so that projects can be completed successfully. Difficulty finding skilled resources is a frequent cause of project delays, and aligning with the right implementation partner is critical to the ongoing success of the project and its longer-term goals.
As more applications are onboarded to the IAM platform, its performance and response times can degrade. It is important to run a sizing and scoping exercise to understand the volume of data the IAM platform will process and store and the expected end-user load. Ideally the IAM infrastructure would be scaled up as additional sources are onboarded, avoiding under-utilisation of provisioned resources, but enterprise processes are complex and often lack the agility to scale up and down dynamically when required.