Posted: 3 Min ReadFeature Stories

Why Identity Projects Go Wrong

Identifying key factors for success (and failure!) in IAM projects

When organizations undertake an identity-related project (such as expanding identity lifecycle management or enhanced governance of identities and access), it is often launched with great fanfare and hope. However, the end result is often an incomplete delivery, or worse, shelf-ware and lost time and resources. Why does this happen so often, and how can we set up winning conditions from the start that can lead to success?

One major impediment is a lack of executive sponsorship, buy-in, and faith. While this is often present at the beginning of a project, the inevitable issues that will crop up during the project implementation requires the steadfast backing of people at the executive level to stay the course. One key method of avoiding this is to ensure that there is a complete project plan with deliverables negotiated with the business before project start. The quickest way to derail a project is to leave deliverables open-ended or ill-defined, leading to scope creep. Scope creep is the easiest way to make a project become a never-ending series of contentious discussions, which will eat away at the support a project enjoys.

The quickest way to derail a project is to leave deliverables open-ended or ill-defined, leading to scope creep.

This leads to the next point – identifying quick wins, especially for the early phases of the project. In return for the considerable capital executive sponsorship requires, providing visible quick wins is the best way to maintain that support through the completion of the project. This can be as simple as delivering better, easy-to-use self-service tools to end-users that may seem minor, but will build goodwill to the overall project both for the backers of the project and for the end-users of the solution. Nothing will make an executive sponsor look better than being able to show ROI on the project as it delivers win after win, and this will be paid back in support when things go wrong (and like every project, things will go wrong.)

Another problem that leads to project failure is overall scope itself. Identity and Access Management is a multi-tentacled monster that is difficult to wrangle, let alone master. The optimism of a new project in this area must be tempered by a reality-check – is it really possible to automate provisioning across every system both on internal and in the cloud in one year? Always try to remember the Pareto principle – 80% of any gain you can make is typically going to take 20% of the effort, and the remaining 20% gain will take 80% of the effort. Ensuring the scope is tied to the former will help set up the project for success.

Being careful with a long-term phased approach is also a critical component of successful identity projects. It is too easy to break up a large project into multiple phases over a long time-frame (I’ve seen ones that span several years!) This means a constant need to justify expenditure in terms of resources, with each phase a risk to successful project delivery. Executive sponsorship can easily be lost due to turnover, and is difficult to re-capture from a new leader once the project is underway. There is definitely a place for multi-year projects, but they require careful planning and project management.

Being careful with a long-term phased approach is also a critical component of successful identity projects.

Finally, the implementation itself requires specialized knowledge. This is often provided through external consultants and service providers, which is a key resource for any identity project. What is required for a successful long-term implementation is a proper knowledge transfer, which needs to be accounted for at every stage of the project. If internal resources are learning during implementation, they are far more likely to have the capability to manage the solution following the completion of the project. Trying to get everyone up to speed only near the project end-date is a recipe for disaster.

The good news is that a successful identity project can reap huge dividends for any organization. Enabling users to request their own access using an easy-to-use self-service tool (such as the portal in Symantec Identity Governance and Administration) is an excellent way to further capitalize on the investment in time and resources that any identity management solution represents. The visibility of every user of IT systems and their accesses leads to the capability to perform easier governance around those accesses. Automated processes such as provisioning (and in the case of transfers or terminations, de-provisioning) help eliminate the risk of manual processes due to human error. All of these are keys to reducing vulnerability while increasing productivity, freeing up your IAM personnel to doing worthwhile work instead of repetitive, boring tasks.

Symantec Enterprise Blogs
Webinar

Symantec Identity Security: Innovation and Strategy for Your Success

Symantec is more focused than ever on driving innovation and customer success since becoming a division of Broadcom. We are excited to connect with you and share updates on our Identity Security solutions and how we are providing our customers with additional value.

Register Now
Symantec Enterprise Blogs
You might also enjoy
Video
Expert Perspectives3 Min Read

Symantec is Stronger as a Division of Broadcom

What that means to Symantec customers

Symantec Enterprise Blogs
You might also enjoy
Feature Stories2 Min Read

Broadcom & Symantec Enterprise: It’s All About the Portfolio

And investing for the future

About the Author

Michael Berthold

Principal Solution Architect

Mike has experience ranging from Identity Security to solutions development. He has been with Broadcom (and previously CA Technologies) for five years, and over twenty years in IT Security. Mike lives in Montreal, Canada with his wife and three children.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.