It’s seldom that I publish more than one blog post on a single piece, but Mark Diodati’s article “Changing times for identity management ” (login required) spoke of two main themes that I felt needed to be discussed. In an article on IdM Thoughtplace, I looked into some issues of what composes “New School” Idm.
In this piece, I’d like to comment on a couple of points that Mark makes that I particularly agree with.
First off, Mark mentions that thorough analysis and review of IdM offerings is essential. The selection team/steering committee needs to remember that no IdM product exists in a vacuum. Testing against ERP, enterprise LDAP/AD and other key systems is essential, and involving a pilot group is key as well. I’d go a step beyond what Mark specifies, by adding that your pilot group needs to be multi-disciplinary. Just IT or Help Desk folks won’t cut it here. Make sure there’s some HR and ERP users along with other “typical” users in your organization. You’ll need to do a little more hand holding and training earlier that you’d like, but you’ll get better responses and metrics in return.
I’m also in agreement that you should review all offerings and available features/upgrades from current infrastructure. That “buried treasure” could be the key to keeping your infrastructure secure and compliant. Also find every way possible to use and reuse your current infrastructure., it can pay off in the long run.
It’s a tough economy out there, but that does not mean that you should stop your review of IdM improvements. Use the current time for evaluation and planning. Bring some vendors in for a PoC to make sure it fits into current infrastructure. The best place to start looking is right in your server rooms and data centers. Go to it!