I have question? Who exactly is implementing the complete Identity solution? My identity management experience is just 3 years, by December 12th. I have worked with various clients. I have not found even a single organization using the Identity management product (which ever they bought) to the fullest. I mean the provisioning capabilities of the product are not used properly.
And the major reason people state is, they are not clear about their organizational roles. How long? I mean it has been longtime organizations started having the need to implement IdM solutions and still no one's figured out how to make it complete? The sales pitch of many identity sales guys says, other than compliance one can achieve profits by limiting calls to the help desk, reduce the number of administrators managing resources and all such other stuff, but is it happening?
I have seen many orgs, asking us just to send an email to the admin rather than provisioning. The admin creates the user and says done to make the audit log. Thats it, the auditor is happy and so is the company. Is this what is Identity Management?
What is the way ahead for all these implementors and organizations? Investing this much on the solutions/products?
A different thought:
How about saying a discplined approach from the beginning of an organization would have avoided this mess? Security/Process these terms come in only after the mess has already happened. Recently I was talking to an ISO in a big company and he said first I need the process to be in and then we can think of security. Wow, dude are you into information security?
If an organization can have processes set from day one and follow them and be disciplined, things will be better.
Some hero from some workgroup creates a beautiful html page and says from today we can use this for some XYZ work. Its launced and the hero is rewarded. Later after 10 years when this page becomes critical and the creator has already left the organization without any documentation, pffffffhhhh then you know what happens.
So any new entreprenuers? Guys be cautious today to avoid huge unnecessary investments tomorrow.
And the major reason people state is, they are not clear about their organizational roles. How long? I mean it has been longtime organizations started having the need to implement IdM solutions and still no one's figured out how to make it complete? The sales pitch of many identity sales guys says, other than compliance one can achieve profits by limiting calls to the help desk, reduce the number of administrators managing resources and all such other stuff, but is it happening?
I have seen many orgs, asking us just to send an email to the admin rather than provisioning. The admin creates the user and says done to make the audit log. Thats it, the auditor is happy and so is the company. Is this what is Identity Management?
What is the way ahead for all these implementors and organizations? Investing this much on the solutions/products?
A different thought:
How about saying a discplined approach from the beginning of an organization would have avoided this mess? Security/Process these terms come in only after the mess has already happened. Recently I was talking to an ISO in a big company and he said first I need the process to be in and then we can think of security. Wow, dude are you into information security?
If an organization can have processes set from day one and follow them and be disciplined, things will be better.
Some hero from some workgroup creates a beautiful html page and says from today we can use this for some XYZ work. Its launced and the hero is rewarded. Later after 10 years when this page becomes critical and the creator has already left the organization without any documentation, pffffffhhhh then you know what happens.
So any new entreprenuers? Guys be cautious today to avoid huge unnecessary investments tomorrow.
No comments:
Post a Comment
This is how we learn. Say it right away ...