8 PITFALLS OF NEXT
GENERATION IDENTITY
MANAGEMENT
Presented By: Dave Shields,
Managing Director of Identity and Access Management – University of
Oklahoma
About OU
• Publicly funded research institution in
Oklahoma
• Approximately 37,000 students, 12,000
Faculty/Staff
• Spread across 3 campuses
• Highly decentralized environment
IAM Program Reality Check
• Just because you build it, doesn’t mean
they will come…
• Old processes die hard and new
processes die easy.
• Learn to ‘see’ the pitfalls and prepare for
them.
Pitfall #1 – Bad Planning
• Bad planning kills new ideas.
• Just because you can buy it doesn’t mean
you should.
• IAM touches too many things to live in a
vacuum.
Solution: Build a Roundtable!
• Dedicate at least one person full time to
IAM, more if you can.
• Create a ‘think tank’ with people who have
a stake in IAM. These stakeholders build
buy-in for the program.
• Your Roundtable can help your plans
succeed.
• Tribal knowledge is better than technical
depth.
The IAM Roundtable at OU
• Meets every other week and also
maintains email communication outside of
meetings
• Meetings are open to anyone who wants
to listen. (don’t create a wall)
• Consists of Enterprise Architects,
representatives from high impact areas,
and rank and file employees with tribal
knowledge.
Why?
• Reduces power struggles, egomania and
‘manic planning.’
• Increases collaboration across the diverse
structure of the university.
• Shows a unified front against a problem
that can’t be ignored.
• Offers a basis for IAM Governance later
on
Pitfall #2 – Garbage Processes
• Existing processes may be good but they
can also be part of the problem.
• We don’t always realize a process is
garbage until we examine it.
• No matter how great your next generation
IAM Platform is, it won’t fix a bad process
if you replicate it.
Solution: Seek and Destroy
• Spend a lot of time documenting core
identity processes (i.e. how does an
account get from here to there?) with
those who know them best.
• Break out the flow charts!
• Illustrate processes to the owners.
• If garbage is found, destroy (or recycle) it.
Scary Diagrams and Nice Colors
Scary Diagrams and Nice Colors
Why?
• Documenting processes can help you find
issues.
• Many processes have never been
documented and may only live in
someone’s brain.
• Once the process is documented,
converting it to IAM logic will be that much
quicker!
Pitfall #3 – Wrong Product Choice
• The best product for your organization
may not be the popular choice.
• Don’t make IAM just a solution looking for
a problem.
• The Gartner Magic Quadrant is not the
final word on what’s best!
Solution: Create Business Requirements
• Craft a minimum of 5 Business
Requirements, and hold the vendor(s)
accountable!
• Use your think tank (roundtable) and key
stakeholders to determine what is really
required for your IAM Platform.
• The more feedback you have, the better
the requirements will be.
Business Requirements for OU
• We created 10 business requirements for
OU and explained what each of these are:
– BR01: Legacy Replacement
– BR02: Secondary ID Source
– BR03: Triangulation of Trust
– BR04: Role Assignment/Mirroring
– BR05: Integration with Existing Systems
Business Requirements for OU
• We created 10 business requirements for
OU and explained what each of these are:
– BR06: Audit and Attestation
– BR07: Platform Location (Cloud vs. On-Prem)
– BR08: Academic Lifecycle of an Identity
– BR09: Web Portal Experience
– BR10: Independent Sustainment of IAM
Platform
Example of Requirements:
• BR03: Triangulation of Trust:
– Successfully offer a web portal to request
secondary ID’s
– Successfully accept authentication from
sources such as Facebook, Email, SSO, etc.
– Successfully illustrate trust-based scoring
– Successfully federate with InCommon
– Capable of connecting collected data to AD
accounts
Why?
• Creating Business Requirements with the
organization builds support and buy-in
across the university.
• Business requirements can be a
deliverable for IAM.
• If you know what you need, you’ll know
which vendors don’t work for you.
• You can do a ‘mini-RFP’ with your
requirements.
Example of our Matrix
Pitfall #4 – Being Future-Blind
• It’s very easy to think of IAM as strictly an
internal process but it isn’t!
• Your users are likely bringing their own
identities and may or may not want to use
them at your organization.
• If your platform can’t do both internal and
external ID management, it will not be
useful.
Solution: Design for the Future
• Do not limit your thoughts to just keeping
the status quo… prepare for the future!
• Can a user (or contractor) use your
infrastructure even if they are in another
country?
• Consider the buzzwords: Internet of
Things, Open Authentication, etc.
Fully Integrated IAM
Why?
• IAM is not an application, it’s a platform
• Digital natives seek a truly integrated
approach.
• Greater visibility on a single pane of glass.
• One IAM to rule them all.
Pitfall #5 – We Require More Resources
• Too many organizations don’t take IAM
seriously enough from a resource
standpoint.
• Too few staff, stretched too thin.
• Too many responsibilities, not enough
manpower
• Lack of direction and oversight.
• Sorry, no money…
Solution: Make an Actual IAM
Team
• Dedicate a team lead and one or two staff
(initially) to IAM.
• Do not try to offer time sharing of
resources.
• Beyond the core team, have a cross
functional team that drives it for the
greater good.
OU’s IAM Team Portfolio
Identity
Management
IAM Platform
Active Directory
SSO
(PingFederate)
MFA
(Duo)
Access
Management
Network Access Control (ClearPass)
Cloud DLP
(CloudLock)
Federated Access
(InCommon)
Why?
• Overuse of resources causes stagnation.
• Allocating an actual team for the project
ensures that it is staffed and funded.
• If the IAM team has a portfolio of tools, it
makes it easier to get that ‘single pane of
glass’ for IAM.
Pitfall #6 – Lack of Engagement
• IAM cannot live in a bubble.
• If you don’t engage your organization’s
stakeholders, the program won’t last long.
• Everybody’s voice needs to be heard or
they won’t hear yours!
Solution: Transparency & Communication
• Make sure everybody that will listen to you
knows what is going on!
• An organization is not an organization
without staff, visitors, contractors, etc. …
get them engaged.
• Don’t just ask managers and high-level
employees, the rank and file employees
have lots to share.
The Big Show and the IAM Email List
• Consider creating an IAM
Communications email or journal or social
media path.
• Prepare to create a method for governing
your IAM Platform and data use
• Invite your top vendor to offer a ‘big show’
demo where anyone can attend!
Why?
• Keeping communication open gives more
people a voice.
• The more people that feel their voice is
heard, the more support you have.
• If one person has a concern about part of
it, they aren’t the only one.
Pitfall #7 – Not Planning for the Lifecycle
• It’s easy to focus too much on ‘active’
employees or vendors.
• Sometimes others are ignored.
• You cannot treat each stage the same!
Solution: Plan for the Full Lifecycle
• You literally must think about IAM from the
cradle to the grave.
• Each stage in the lifecycle has its own
requirements and needs. Plan for them!
• Document all possible lifecycle stages and
get feedback from someone in each
group.
More Scary Diagrams and Nice Colors
Why?
• An identity changes state many times
throughout the lifecycle.
• The lifecycle of an academic identity is
very different than a corporate one.
• Not just people have identities, so do
devices and systems
Pitfall #8 – Not Expecting the
Unexpected
• You cannot predict everything
• The deeper you get into IAM, the more
‘spaghetti’ you will find
• People will be protective of their processes
Solution: Keep Things Fluid
• Know that it is not ‘if’ or ‘when’ your IAM
scope will change but ‘how many times’
• Add some fluidity to timelines and
deadlines
• Learn when to draw the line without
impacting your goals
• Sometimes small steps are better than big
strides
IAM@OU, 2 Years In
• Timeline had to be moved at least 4 times.
• Hidden dependencies added over 1000
hours to development time.
• New systems became critical systems that
were not accounted for in Discovery
• Extensive human hours caused resource
constraints in other departments
Why?
• IAM is so large that teams do not always
realize the scope until it’s too late.
• Demanding hard timelines can reduce
success of your IAM deployment
• Innovation may not always appear at the
beginning
• You can’t build IAM alone
The New Reality of IAM
• Open walls, processes and
communication.
• Touches everything in your organization.
• Impacts everyone in your organization.
• Can be the best piece of your
organization… or the worst.
• Integral to managing risk and security to
your organization
Need more help?
Keep in Touch!
• Slides Available at the
end of this presentation
• Email: dshields@ou.edu
• LinkedIn: https://www.linkedin.com/in/daveshieldsok/

Editor's Notes

  1. Use the power of many to influence the rejection of the few. Make sure to look for people who you might not normally think of for a ‘governance’ type board but have special skills to help your purpose.
  2. We work through all IAM related activities as a team. If one member of the roundtable has rapport with a specific group, let that person handle that group. Democratically designed.
  3. When more people are involved in the decision, as long as they have a combined cause, they tend to fight less over who does what. A roundtable doesn’t lend itself to having one person be ‘the only person’ on a project, so IAM doesn’t become “Dave’s Project”. Many more projects at OU than I would like to admit have been the result of manic planning. Your roundtable can share the load and plan different parts together. If you require others to help you reach ‘big decisions’ then you are increasing collaboration across the entire university. When you have several people from all different walks of life working together, your approach becomes more unified and centralized.
  4. There is nothing wrong with processes that have stood the test of time. The question is… did they pass the test of time or did everything else follow because it had to? Processes can be developed over years and decades, and sometimes as a result of a firestorm. It may be that it was good when it was made, but it needs to be examined for relevance. You can have the most powerful IAM platform ever that spits out processes in realtime but if you feed it garbage, it’s going to spit out garbage.
  5. If your IAM isn’t there to solve problems, why are you building it? You need to document the processes so you can put it into IAM, but this may be the time to figure out what you don’t need in the new IAM world. If you are a visual person, diagrams and flowcharts are amazingly useful. You might even be able to show a process owner things about their process they didn’t realize. Whatever you do, don’t bring the garbage into IAM, it will only make it stink.
  6. After meeting with all stakeholders, this is what we determined was how identities came to be. Don’t try to stare too hard, you’ll go blind. But this diagram served to show all things about identity and has been infinitely useful.
  7. Don’t stare too hard, you’ll go blind! This diagram taught us how employees get their identities started. We found an area where things were being hand-keyed and likely causing some issues.
  8. You would be surprised at how many people asked if they could keep copies of these documents because nothing else was documented like this. Those who keep processes in their brain are either going to be happy that you took that load off them or they may be nervous about giving up control of their ‘baby’. Many of the diagrams we made became the core documents for our IAM POC build and this can be used in the Production build, too.
  9. Everybody has those leaders in the organization who believe that only Gartner (or Forrester) are the best there is. The way they evaluate products is for a much more generalized audience and there are few things that are ‘general’ in Higher Ed. Even Gartner says “Just because it’s in the top right doesn’t mean it’s the best for you!”
  10. Consider putting your product choices in a Matrix and using it to review the material at hand. Your roundtable knows what is important to certain groups and they can help you decide. Share the requirements as much as you can with other parts of your university so that you can have lots of feedback.
  11. I picked this one because it was one of the most unique requirements we came up with and it really challenged a number of vendors.
  12. You need buy in to achieve success. If your leadership wants to measure what you are doing, the requirements list or documents can be a great deliverable. Picking the best vendor is much easier when you prepare accordingly. Explain how we used the requirements matrix to serve as a mini-RFP.
  13. Explain how you checked each vendor and scored them (0, 1, 2). Total the columns at the bottom and you can see which solution seems to do the most for your organization.
  14. The thing about the future is that it quickly becomes the present and soon the past. IAM has to be able to do things inside your walls and outside. If there is a paradigm shift in the way students communicate (such as Social Media in our time), your IAM may not be control that. Make your platform work for how you work now and how you MAY work in the future.
  15. The future of education rests in the hands of those who are willing to reinvent it. You could be one of them. Yes, there are security concerns inherent in allowing other countries but that doesn’t mean you must avoid it. The buzzwords of today will become the technology of tomorrow.
  16. What if your IAM future was a fully integrated system that could handle an almost endless list of sources and systems? Think outside of your university walls just as much as you think within.
  17. If the primary resources for IAM have other commitments, it’s that much easier to ‘kick the can down the road.’