- Large identity projects often fail due to poor requirements gathering, underestimating political and process challenges, and not addressing how changes may threaten existing revenue and control.
- To succeed, a program needs thorough requirements, separate but integrated projects, governance addressing politics, and an experienced blended team to build local expertise over time while delivering early wins.
- Programs should start small and underpromise to build support before pursuing ambitious goals.
Greater Noida Call Girls 9711199012 WhatsApp No 24x7 Vip Escorts in Greater N...
Global & National Identity Projects Failures and Successes
1. Global & National Identity
Projects Failures and Successes
Huntington Ventures Ltd.
The Business of Identity Management
May 2016
2. This Deck…
• Reviews common causes for why so many large
identity projects fail, go over budget and timelines
and under-deliver
• Describes, based on my experience, ways to
structure a large identity program with several
related identity projects such that they will be
successful
• So who am I?
3. Guy Huntington
Guy Huntington is a very
experienced identity
architect, program and
project manager who has led,
as well as rescued, many
large Fortune 500 identity
projects including Boeing and
Capital One. He recently
completed being the identity
architect for the Government
of Alberta’s Digital Citizen
Identity and Authentication
program.
4. My Own Experiences…
• I have been brought in several times to rescue
very large identity projects with many of them
global in scope
• Often, prior to my appearance, senior managers
have been fired and the executive team is now
very skeptical about the supposed business
benefits of the identity project
• Here’s what they were “blaming” for the demise
of their project….
5. The Blame Game…
• Often the identity software vendor is blamed, saying their
products don’t work”
– This often leads them to begin evaluating a new vendor whom
they tell me “will work”
• The implementation team is blamed claiming they “took
too long” to implement and then “raised problems too
late”
• A specific department is blamed claiming they essentially
sunk the project
• Normally the people who are funding the project (e.g.
Finance) is furious because the project is so far over
budget
– This usually results in senior executives in charge of the
program/projects to be fired
6. And Here’s What I Found…
• The program and project requirements were not
thoroughly done in the beginning. Why?
• There is an old consulting type triangle depicting IT
projects as follows:
• The enterprise mistakenly believed all the vendors
and consultants who were talking about the
“technology” i.e. identity management product,
cards, etc. as the “Solution”
• They under-estimated the people and processes…
7. People, Processes and Politics…
• An identity program/project cuts across ALL
government and enterprises ministries and
departments
• It allows for new ways of doing things which are
usually faster, cheaper and more convenient for
the end user
• HOWEVER, the existing people who’s existing
revenue, political control, leverage and jobs are
often threatened
• So the smart ones use what I call the “4 D’s”
8. Guy’s 4 D’s of a Bureaucracy …
• DELAY, DEFLECT, DELEGATE AND DENY
• These are the tools of the trade of all bureaucracies to function
and maintain themselves
• So a smart department leader or minister uses these tactics to
essentially “outwait” the new program/project until such time
as they can regain control
• The people usually running the program/projects did not do
their homework in addressing these players before and during
the project
– For example, I was in a country in Asia and was talking about
implementing a citizen identity system where they could pay for
fines from their phones. A wise person told me that the police
would be a major problem since most tickets were paid on the spot
to the officer as a revenue source for the officer
– Governments and global enterprises have lots of such potential
project sinkholes they can fall into
9. The Devil Is In the Details…
• An identity program/project involves tens of thousands of
details
• These cover everything from the business processes and
technology to security, governance, laws, regulations,
application/service integrations, etc.
• It’s been my own experience that the executives at the
top, as well as their managers, don’t totally understand
the complexity and inter-relationships required
• Thus the program/project rests in the hands of their
managers who are also somewhat blind to all the
implications
• That’s when the project begins to come off the track
10. Then There’s Infrastructure & Security
• In today’s world, organized crime and foreign intelligence
agencies want to penetrate a national identity and
authentication system to effectively bring a country down
• The system always must be up 24x7x365
• Most senior executives don’t understand the requirements
• At one global company, their global system went down for
6 hours. The CEO was on the phone every 30 minutes
asking for updates and when it would be up. I was
brought back in to implement the high availability
recommendations I had previously made
• In today’s world of “ransom ware”, the stakes are even
higher
11. One Throat To Choke…
• Many large enterprises want one global consulting vendor to oversee
the entire identity program or project
• Their rational is “there is only one throat to choke”
• On the surface, this makes sense. HOWEVER, in practice it doesn’t
always work
• It totally depends on the people the major consulting vendors bring in
the door
• I have frequently been called in when the major consulting vendor has
done what is called a “bait and switch”
– They bring in their top sales and technical team to clinch the deal
– After some time, they remove the experienced people to other projects
and leave the existing project with not so experienced people
– Things normally bubble along for up to a year or more when all of a sudden
things don’t work, deliverables are missed, costs go up and the blame
game begins
• The old saying “caveat emptor” or “buyer beware” is appropriate
12. It’s Complicated…
• A nation who is deploying a national identity and
authentication infrastructure, will create thousands of services
relying upon this system
• It’s complicated
• An analogy I use is you are creating the electronic equivalent to
roadways, electricity and water plumbing used in your nations
• It too is complicated and requires the integrated planning and
support of many different types of people
• Most of this infrastructure is underground and in effect
“invisible”
• The identity infrastructure you are going to create will also
mostly be invisible and taken for granted by citizens
• You are building a new, complex, electronic spider web
touching all people
13. So What Are Successful Components?
• If you’ve been viewing the other National ICT
presentations here,
http://www.slideshare.net/ghuntington/overview-
of-my-various-national-ict-strategy-presentations,
you’ll be realizing the depth and breadth of what I
am proposing
• There is some good news… you are not the first
nation to go down this road
• They have successfully addressed these challenges
• So what are some of the key components?
14. Governance
• Governance is where it all starts
• Go here to view the governance deck describing the many key
components of good governance
– http://www.slideshare.net/ghuntington/developing-countries-
national-ict-identity-governance-strategy
• Your country’s leaders must understand the complexity about
which they are about to embark upon
• They need to not only view similar presentations to what I’ve
created BUT they also need to understand that this is a 3-5
year program to change their country
• They too must change as the identity program rolls out
– For example, in Estonia, the senior ministers use a paperless system
• Their political careers could be enhanced or, seriously
tarnished upon the results of the citizen identity program since
it’s very public
15. Requirements
• My advice is to not let the vendors lead you into requirements
• Their products, while usually fine, are only a small part of the
overall solution
• Your country needs to have extremely detailed identity
requirements gathering before any RFP is issued:
• This involves:
– Identity data analysis, business processes and technical capabilities
for each application where citizen identity data is entered
– Financial payment analysis for any payment made by the citizen to
the government regardless of ministry
– Network and security analysis to get ready to ransom ware type
attacks
– Laws and regulations gap analysis
• This involves a team of very skilled people
16. Avoid Issuing Quick RFP’s
• I have come into projects where the
management team wanted to get things going
and then issued and awarded one RFP usually for
an identity system, or cards, or whatever
• Then they ran into trouble when they found out
their true requirements, discovering their
existing solution doesn’t integrate well with what
they really want to do
• So, my advice is to take 3-6 months, bring in a
skilled team of requirements people and do your
homework before embarking on issuing RFP’s
17. Create A Strategy and Roadmap…
• A very detailed strategy and roadmap set of
documents should be produced
• These should outline the major goals, show
interdependencies, timelines, budgets, resource
requirements and the number and type of
different RFP’s required
• If this is done by skilled people, the government
leaders and senior managers can see what they
are getting themselves into before they leap
18. Run Several Projects In Parallel…
• The identity program usually has several main
“Tracks”:
– Governance
– Security
– Identity and access management
– Privacy
– Citizen Payments
– Healthcare
– Education
– Social Services, etc.
19. Integration Of Projects
• These “tracks” are all highly dependent upon the
underlying identity and authentication infrastructure
• Therefore, they need to be tightly integrated at the project
level
• When I run global programs and projects, I have daily
team standups for each project and then weekly global
standups for all teams
• It’s extremely important that everyone knows what the
other projects are doing that impact them and also
contribute their thoughts and concerns
• It’s so much better to catch political or design problems
early on before they become a major disaster to deal with
20. Who’s Going To Run All Of This?
• I have been involved in most different types of
operational management scenarios for enterprises
where they
– Out source their design, implementation and support
– Use combined teams of enterprise and out-sourced
specialists to design and implement and then the
enterprise supports
– Do it all mostly themselves
• I have worked with most of the main consulting
firms, identity vendors and out sourced consultants
from all over the world
• So what do I recommend?
21. A Blended Model…
• Most of your countries will lack the specialized
identity and access management expertise as
well as differing degrees of knowledge on things
such as security, laws, governance, etc.
• It makes sense to therefore bring in specialists
BUT MESH THEM IMMEDIATELY WITH LOCAL
PEOPLE
• Your people need to build up these skill sets
• They are the ones who your country will rely
upon to carry the national infrastructure
22. Think Through Ops Support…
• The identity and access management
infrastructure is the technical and economic hub
of the new digital wheel your countries are
creating
• If you decide to outsource this, then how much
control can you place on the operators of the
system to not do inadvertent or malicious
things?
• Read the security deck to gain insight into this
– http://www.slideshare.net/ghuntington/developing-
countries-national-ict-security-strategy
23. Politics…
• Beware the politics! It’s essential that you and
your country’s leaders carefully plot a strategy
through the maze of your own internal politics
• It involves what I call “pick and choose”.
– One needs to carefully pick out the major game
changer players within the government
– Then one must carefully choose the starting
components such there is a high degree of successful
implementation
24. Elections…
• As your government comes up on their next election
cycle, they will obviously want to let the citizens
know what a great job they are doing for them
• In the strategy outlined here
http://www.slideshare.net/ghuntington/developing-
countries-national-ict-identity-strategy, I outline a
way for the government to show the vast majority of
their citizens, who only have cell phones, how they
will be helped
– Pay for government services wherever they are, receive
improved healthcare, etc.
25. A Word Of Caution…
• Under promise and over deliver
• The danger with leaders taking on the identity program is
that they will oversell it politically too fast
• This could result in them creating a disaster instead of a
political success
• I always tell my clients to under promise and over deliver
• The first 2-3 years are the most critical assembling the
requisite legal, technical and support pieces
• I recommend you tell your leaders to soft pedal the
benefits for the first three years until everything is in place
• Then they can tell their citizens what a great thing they
have done
26. Success or Failure?
• Will you identity program be successful, or a
failure?
• The answer is up to you
• I have created a series of decks to help educate
you on the many different pieces required for an
identity program
• If you take some of the advice to heart, learn
from other’s past mistakes and break down the
project into discrete small steps, then you will
succeed
27. If You Thought This Is Thought Provoking
• Then please pass along a link to the presentation
to people in your country who might be
interested
• You can contact me at:
– guy@hvl.net
– 1-604-861-6804
– Via LinkedIn (https://ca.linkedin.com/in/ghuntington)
• Thanks for your time!