Is Integration a pain point for Identity and Access Management (IAM) Transformations?
The technology market has a plethora of Identity and Access Management (IAM) products. The offerings are available both on-premise and in IAM as a Service (IAMaaS) format. The advantage is that organizations have a good number of choices. The drawback is that it makes product selection a bit confusing. Market research is a good starting point for an initial shortlist. Before making the final IAM product choice, organizations need to pay attention to the integration capabilities of the IAM product.
The reason why integration capability is a key IAM tooling consideration is that:
- Effective Identity Governance and Administration (IGA) needs centralized identity visibility across the organization
- This is only possible when IT applications and platforms are able to integrate with the IAM platform
- While there are manual data upload options available, they aren’t as effective as integration due to:
  - Potential human errors leading to data contamination
  - Lack of scalability
Today, my article is on IAM tooling selection due diligence, covering key integration aspects.
Single IT asset inventory: Even before starting the hunt for an IAM product, consolidate technology inventory to have a single source of truth. With growing SaaS (Software as a Service) presence, have an approach to discover shadow IT assets as well. The IT asset inventory provides one of the key data points for IAM product selection. The inventory is a must-have to understand which assets need IAM coverage. In addition, assets need to be classified according to business criticality. As a key security principle, not all assets require the same level of security protection; the security investment needs to be prioritized to protect the most critical assets first.
IT asset profiling: IT assets need to be profiled according to the nature of their technology and how easily they can be integrated. For example, if the organization has large legacy platforms such as mainframes, integration might not be easy. Is the technology uniform across the inventory or not? Such profiling data points need to be used to narrow down the IAM product shortlist, depending on the IAM product integration capability.
Out of the box connector capability: Almost every IAM product has several out of the box connectors. These connectors make integration work easier. For example, if the IAM product has an out of the box Active Directory connector, then you generally don’t need to create a custom integration layer between the IAM product and Active Directory. The inherent product functionality, i.e. the connectors, can be leveraged for simplified integrations.
Availability of connectors doesn’t reduce the integration work to nil. While the connector might help you to connect, many times the required data attributes might not be maintained in the target system, making the connector almost useless from the identity governance point of view.
Due diligence should also check if connectors are free of cost or if you need to pay for the usage. Another check would be to see if you need additional IT components to make the connector work.
Supported Authentication mechanisms: Another key consideration for integration is the authentication mechanism. An authentication handshake is a must-have between IAM and the IT asset needing integration. Don’t assume that industry-standard authentication will work for your IT assets! Check for the availability of authentication mechanisms needed to support integration across the IT asset estate. If this is not done, you will end up with heavy customizations leading to technical debt. This will also make your IAM platform upgrade a nightmare in the future!
Nature of IAM product: Your technology landscape plays an important role in the type of IAM tooling you need. Do you need an on-premise IAM? Does an IAM as a Service offering work for you? Or would you go for a custom in-house IAM? Have a strategic roadmap that takes future needs into account. The IAM product might be great, but does the market have skilled resources available for the IAM implementation and future maintenance?
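The checks described above (criticality-weighted inventory, connector availability and cost, authentication support, and whether the target system actually maintains the attributes governance needs) can be run against a candidate product as a simple scoring pass. This is an added example, not taken from any IAM product; the weights, required attributes, asset names and product data are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed values for illustration; set these from your own governance policy.
WEIGHT = {"high": 3, "medium": 2, "low": 1}
REQUIRED_ATTRS = {"owner", "employee_id", "last_login"}

@dataclass
class Asset:
    name: str
    platform: str        # technology profile, e.g. "active_directory"
    auth: str            # authentication mechanism the asset offers
    criticality: str     # "high" | "medium" | "low"
    attributes: set      # identity attributes actually maintained in the asset

@dataclass
class Product:
    connectors: dict     # platform -> True if the connector costs extra
    auth_mechanisms: set

def assess(product, inventory):
    """Return criticality-weighted coverage and per-asset findings."""
    findings, covered, total = [], 0, 0
    for a in inventory:
        blocking = []
        if a.platform not in product.connectors:
            blocking.append("no out-of-the-box connector")
        elif product.connectors[a.platform]:
            findings.append((a.name, "connector is a paid add-on"))  # cost note only
        if a.auth not in product.auth_mechanisms:
            blocking.append("authentication mechanism not supported")
        missing = REQUIRED_ATTRS - a.attributes
        if missing:
            blocking.append("attributes not maintained: " + ", ".join(sorted(missing)))
        findings += [(a.name, b) for b in blocking]
        total += WEIGHT[a.criticality]
        covered += 0 if blocking else WEIGHT[a.criticality]
    return {"coverage": covered / total if total else 0.0, "findings": findings}

# Constructed sample data, not taken from any real product or estate.
FULL = {"owner", "employee_id", "last_login"}
INVENTORY = [
    Asset("corp-ad", "active_directory", "kerberos", "high", FULL),
    Asset("payroll-mainframe", "mainframe", "proprietary", "high", FULL),
    Asset("crm-saas", "scim", "oauth2", "medium", {"owner", "employee_id"}),
    Asset("wiki", "ldap", "ldap_bind", "low", FULL),
]
CANDIDATE = Product({"active_directory": False, "scim": False, "ldap": True},
                    {"kerberos", "oauth2", "ldap_bind"})

if __name__ == "__main__":
    result = assess(CANDIDATE, INVENTORY)
    print(f"weighted coverage: {result['coverage']:.0%}")
    for name, issue in result["findings"]:
        print(f"  {name}: {issue}")
```

Running the same inventory against each shortlisted product gives a comparable coverage figure and a list of the assets that would need custom integration work.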
An IAM product investment decision is an important one with long-term implications. Make key data points available to the senior decision-makers so that an informed decision can be made. Once the decision is made, setting up an enterprise-scale IAM is a major transformational effort impacting every business line. A seemingly simple aspect such as integration plays a very important role in a successful IAM transformation!