When we think of cyber security, our mind races to high-profile data breaches, the dark web, and cyber criminals out to get our money and personal information. While safeguarding against big threats is an important part of any business strategy, there are other potentially catastrophic risks that get less attention, and identity security is one of them.
Enabling the security of digital identities for all users, applications, and data within an organization is vital to success. Not only does it allow businesses to provide automated access to technology, tools, and business applications, but it also safeguards against potential security and compliance risks. When done right, it will also enhance productivity and overall business alignment.
Sounds simple, right? While the benefits of strong identity security—improved ability to safeguard against attacks, process automation, and reduction of risk, among others—are relatively understood, how to get a successful identity program off the ground is a different story.
Like many IT projects, a great deal of identity security initiatives are doomed from the start. Fortunately, this is avoidable if the proper steps are taken prior to the big launch. By keeping several best practices in mind, organizations can tackle any identity security task with greater confidence, and higher rate of success.
1. Don’t Get Over Ambitious
Some of the best laid plans are built on practicality, and identity security is no different. Biting off more than you can chew is a definite contributor as to why so many IT projects fail. Be intentional about what you can achieve with the resources you have, including budget, human capital, and time.
Identity must be heavily integrated into other business facets, such as IT and HR management systems, among others. It also requires advisory services on top of in-house resources to run smoothly. Make sure the groundwork is laid before deploying a new software and hoping for the best. Be realistic about the challenges that may arise and look at the full spectrum of resources necessary to achieve the intended outcome.
2. Don’t Discount the C-Suite
A top-down approach will set your project up for success from the get-go. Executive management can help communicate to your organization the importance and urgency of getting your identity security program up and running. Research shows that 54% of IT project failures can be attributed to poor management, compared to only 3% due to technological problems. And too often, IT projects are deemed just that—an IT project—regardless of how much of the broader organization it affects.
Strong leadership, which can include both support from the C-suite, as well as specific department heads, is necessary to avoid this fate. Approaching executives with a clear plan and proposed business benefits is a good place to start. For identity specifically, explain how this initiative is a key component of your organization’s digital transformation and the anticipated ROI: a more secure network, and more streamlined processes.
3. Don’t Put UX on the Back Burner
While executive approval is important, nothing will expedite defeat like a solution that’s not user-friendly. The people using your identity security solution every day are the ones that can make or break your project, so it’s vital to integrate software that is easy to use and doesn't disrupt the normal flow of work. Fail to do this and users will find workarounds, ignoring processes completely or inundating the Helpdesk with queries.
This disconnect can bring down an entire identity security project. By considering identity solutions that can be easily integrated into existing systems and processes, fewer training and UX issues will arise. Removing barriers to entry will create a smoother onboarding process, and thus, better adoption and response from employees.
4. Don’t Reinvent the Wheel
Rather than using multiple siloed solutions tethered together, consider running your new project on an existing IT Service Management (ITSM) platform. This approach can help avoid the pitfalls of introducing new systems to your organization. For identity security, a lack of integration makes it difficult to retrieve valuable data from enterprise systems and use it effectively. As a result, when data pulls are done manually and on an ad hoc basis, a piecemeal process becomes the norm.
This is time-consuming, duplicative, and ripe for human error. Auditing becomes difficult, accountability suffers, and leadership has little insight into who is managing the governance process. Running an identity solution built natively for an ITSM platform not only maximizes the investment in that platform, but costs less than creating an identity solution as its own stack.
By keeping these four best practices in mind as you establish or upgrade your identity security program, you can have the assurance that your project will get off on the right foot—and that’s a good for your entire organization.
A version of this article first appeared in Global FinTech Series.