Can you share any tips or lessons learned from your IAM implementation? What would you do differently, if anything?
Director of IT in Manufacturing, 8 days ago
It's a tricky implementation and sometimes could be long running as well.
1) Pay attention to your current IAM landscape, as it's easier to implement something greenfield rather than introduce new IAM systems in an existing setup
2) If you are using some integrators, depending on your IAM scope, make sure you have the right expert resources from the Integrator as they can screw up big time as it's a very specialized field
3) Integrator contracts to be carefully done with penalty clauses for schedule overruns or poor quality
4) Create your test cases carefully as many unforeseen situations can happen in IAM implementations
5) Pay attention to End User experience and sometimes it's a trade-off between security and User experience
6) Engage your security architects and Infra architects from the beginning. Also involve Enterprise architects or solution architects as some use cases are better known to them
7) Plan a step by step implementation and start with pilot rollouts instead of full big bang deployment
rgds/sanjay
Emphasize the importance of user experience in IAM implementation. The more time users have to adapt, the more successful the program will be. For instance, while 'phish-resistant MFA' may be the ultimate goal, for a user unfamiliar with MFA, it can be overwhelming. Starting with a less impactful option can be a good initial step.
Any IAM effort, no matter how small, is a project. At least IT and security resources are needed for success. Ensure alignment and allocation of resources. Don't treat it as BAU.