Stages of the Identity and Access Management Maturity

There is no shortage of businesses that have found it difficult to implement a successful identity and access management (IAM) system. Unvalidated promises, a lack of governance and simply poor communication can cause business owners to distrust IAM services.

This article will not attempt to present ways to ensure the success of implementing IAM systems. Instead, we will pick apart the different stages of the IAM maturity cycle and what should be expecting in terms of IAM at each point of its implementation. Understanding how the system develops and changes at each stage of its maturity is crucial to its long-term success.

Understanding the nature of IAM systems will give us a stronger foundation to assess the stages of its life cycle. IAM systems are not so many projects as they are a process, requiring constant evaluations and updates to function optimally. Implementing a successful IAM system demands every member of an organisation to augment their thought process when it comes to IAM. An IAM system is not simply a plug-and-use software, it is an evolving process with several identifiable stages.

During this initial period of its implementation, the IAM system is still in its early infancy and users may encounter many issues. Processes may not yet be finalised or standardised. The time taken to grant or remove access may take longer times than necessary, as most of the processes will still be manually completed. Users will follow proper procedure as and when they want, and the processes are still manually applied.

The second stage in its life cycle is enforcing the repeated use of a still immature IAM system. At this point in time, employees will be complying with proper IAM methods when accessing authentication and applications. However, these actions will still be labour intensive and highly dependent on the knowledge of each individual. These tasks will mostly be done by those who do repetitive tasks as they gain familiarity with the proper procedures. The majority of responsibility to adhere to proper procedure will lie heavily upon the individual.

The IAM system then reaches a higher maturity level in its implementation. Its processes and proper procedures will have attained higher, if not ubiquitous, levels use. Now, most processes would have achieved some form of standardisation, properly documented and articulated for all employees to adhere to. However, the practicalities of the IAM system will not have reached optimum levels as of yet and still be a labour intensive and manual procedure.

Once defined, the IAM system reaches a managed level of maturity. Close to being optimised, processes within the system are constantly monitored by management to identify potential opportunities for improvement. The procedures are also improved occasionally. Conforming to proper procedures are now measured and enforced; actions are taken if expectations are not met. Now, automation or IAM tools are still rarely used.

Finally, the IAM system reaches optimisation. Procedures are automated using supporting IT systems, allowing for maximum efficiency and quality. Automation allows users to execute and follow procedures consistently and easily. Naturally, procedural compliance is still measured and enforced.

To conclude, an IAM system requires time and patience to reach full maturity once implemented. It is not simply a case of installing a software and expecting complete optimisation instantly.