I read an interesting post today by Jeff Boren, who has been very active in the recent Metadirectory debates (a good summary can be found here) amongst Matt Flynn, Ian Yip, James McGovern, Dave Kearns, Jackson Shaw, Clayton Donley and myself.
Jeff points out that:
And here is the real crux of the matter: most enterprises don’t really want an identity solution. What they want is a “spend less money, get everyone access to what they need when they need it, keep the bad guys out, keep us out of the headlines, and the CEO would really, really, like not to go to jail” solution.
While a touch cynical, I think Jeff’s post does point to a central issue in IAM. Without a long-range plan, that’s all you’re going to get out of an implementation, and I don’t think that’s going to work in the long term under any circumstances.
Proper IAM implementations do not and cannot occur by accident. Somewhere along the line, the C-level is going to wonder why so much equipment and resources are being used in maintaining and tracking disparate IAM systems. Strategic planning is essential from the moment the LDAP Schema is laid, through HCM incorporation, to provisioning, reconciliation, GRC and federated relationships to ensure you’re getting more than tactical stopgaps.