What are the most common mistakes made when implementing IAM software?

Chief Evangelist André Koot has been focusing on the field of Identity and Access management for 20 years. His message is clear. IAM is no IT party, but a change that affects business processes at all levels. Collaboration between different departments is therefore crucial. In this blog series, we asked him the most pressing questions about why IAM implementations are so often unsuccessful.

What are the most common mistakes made when implementing IAM software?

“There are so many common mistakes. The biggest mistake is that the IAM implementation is approached as an IT project and the business is not sufficiently involved. The business processes, working methods and mutual agreements belong to the business and cannot be set up in the desired way by IT without their involvement.

Apart from lacking business buy-in, we should mention lack of time and effort. Implementing the first phase of IGA will take only a small amount of time. But it will take more in the next phases: more connectors, more workflows, more reports, more roles… Still this sometimes is underestimated.

Another failure is due to scope creep. By all means: Focus. Don’t start exploring all features and adding more connectors and reports. Take it easy. Implementing IGA, and more specifically access governance, will result in organizational change. That’s not just a task for a sunny or rainy afternoon.

And by all means, don’t change implementation partner just because of some issue. Every implementation will hurt. Every time people will be blocked, accounts and authorizations revoked, documentation forgotten. It will happen.

Again, take it easy, be patient. Your organization will benefit.”

Background blog series

The installation of a new identity and access management software package is often approached as an ICT implementation. This not only brings risks, but also unnecessary costs and dissatisfied users. Companies grow and change. The digital age has brought about a transformation in many companies in which digital possibilities are increasingly used. This has resulted in many different applications and systems and sometimes a somewhat fragmented ICT landscape and decentralized organizational control. In doing so, there are more and more types of users using an organization’s digital assets. Such as employees, customers, partners, devices and things. In identity and access management, it is precisely important that these things are connected. Well, in a safe and thoughtful way. This blog series addresses this.

About the author

André Koot
CCSO

andre.koot@sonicbee.nl

André Koot is principal IAM consultant and co-founder of SonicBee. He has over 25 years of experience in the Cyber Security domain, of which the last 20 years he has been specifically focused on Identity and Access Management. He is an absolute top expert in this field, internationally recognized. André makes an active contribution to the IAM domain, among other things in his roles as: Board member Cloud security alliantie NL chapter, Member IDPro commission and member of the advisory board of Identity.Next.

About SonicBee

SonicBee is the Identity and Access management (IAM) company providing innovative and intelligent managed services and business consultancy to make businesses faster, smarter and more secure. We ensure that everything and everyone within your environment can access information in a safe, compliant and smart way.

We challenge the existing market by looking at identities and data in a new way. SonicBee provides managed services, advisory services and trainings focused on increasing our society’s cyber security and creating business value.

What are the most common mistakes made when implementing IAM software?