IAM for Everyone: How a Broader Strategic Focus on Users Pays Off

Identity and access management (IAM) is increasingly being seen not only as the technical means for control, compliance and cost efficiencies to protect the organisation’s applications and data – but also as an essential enabler for the organisation’s users.

As noted in Aberdeen’s research report “IAM Beyond Control, Compliance and Cost: The Rise of the User” leading IAM solution providers are now focusing on making the user experience simple, intuitive, and contextual. This in turn helps the organisation to make the many benefits of its IAM systems more accessible, relevant, and valuable to all business users (Figure 1).

Aberdeen’s New Research Study Confirms IAM’s Expanding Focus

A new Aberdeen study conducted in 4Q 2015, confirms that enterprise IAM systems are now being looked to for help with both unrewarded and rewarded risks. Although the former is still a slightly stronger influence, both types are strongly evident among the leading drivers for current investments in IAM, as shown below.

Why Don’t Companies Make Investments in IAM?

• The operational context for managing identities and access has become significantly more complex, which requires time, expertise and focus that many organisations don’t have.
• The total cost of IAM is perceived as high compared to the business value that respondents are able to articulate.

IAM Focused on Protection, Versus IAM Focused on Both Protection and Enablement. How Do These Groups Compare?

In Aberdeen’s latest study, 53% of all respondents indicated that they are investing in IAM capabilities to support users throughout the extended enterprise – i.e. not only employees and guests, but also business partners, customers and consumers. The other 47% indicated that its investments in IAM capabilities are focused on enterprise users only.

A Focus on Extended Enterprise Users Correlates with Higher Investments in an Expanded Set of Related IAM Capabilities

Aberdeen’s comparison of the Extended Enterprise group and the Enterprise-only group highlights a few areas where a broader focus on users correlates with higher investments in an expanded set of related IAM capabilities (Table 1)

Are the Organisations Focusing their IAM initiatives on Extended Enterprise Users Actually Realising the Desired Business Value?

Aberdeen’s research confirms that Investments in IAM capabilities are aligned with strategic intent, but the more important question is whether those investments are helping organisations to realise the desired business value. In this regard the answer is clearly ‘yes’.

Compared to the Enterprise-only group, the Extended Enterprise group reported:

• 56% higher increase in the number of remote and mobile users supported (which is a measure of convenience)
• 6 times higher year-over-year increase in user productivity
• 8 times higher year-over-year increase in user satisfaction (as indicated by the number of desk calls related to IAM)

The Extended Enterprise group was four times more likely to view its IAM systems as enablers of innovation, growth, and new business opportunities.

“And” not “Or” – IAM Supports Both Enablement and Protection

Aberdeen’s research also confirms that companies are able to leverage their investments in IAM to realise the rewarded risks from a strategic focus on users throughout its extended enterprise, while still sustaining its performance in the unrewarded risks of security, compliance and reliability. A comparison of the Extended Enterprise group and the Enterprise-only group shows that IAM initiatives focused on the extended enterprise were able to sustain and improve in these areas:

• 85% few incidents of unauthorised access to resources
• 78% fewer incidents of compromised sensitive data
• 84% fewer incidents of unplanned downtime
• 78% fewer incidents of lack of access related to IAM
• 76% fewer audit deficiencies related to IAM

Summary and Key Takeaways

• IAM is increasingly being seen not only as the technical means for control, compliance and cost efficiencies, but also as an essential enabler for the organisation’s users.
• IAM is increasingly being leveraged not only for the unrewarded risks of security, compliance and cost, but also for the rewarded risks such as productivity, customers, revenue and growth.
• Enterprise IAM systems are now being looked to for help with both unrewarded (e.g. protection) and unrewarded (e.g. enablement) types of risks.
• Some 53% of respondents indicated that they are investing in IAM capabilities to support users throughout the extended enterprise- i.e. not only employees and guests but also business partners, customers and consumers. The other 47% indicated that their investments in IAM capabilities are focused on enterprise users only.
• A focus on extended enterprise users correlates with higher investments in an expanded set of related IAM capabilities.
• Investments in new IAM capabilities are aligned with strategic intent, but the more important finding is that those investments are clearly helping organisations to realise the desired business value.

AFTERWORD

Aberdeen Group has been an international research partner of Nebula since 2010.  With thousands of research documents, growing daily, Aberdeen’s research library helps enterprises and service providers discover the priorities and strategies of best-in-class enterprises.

Besides Nebula’s insight and research services, we also provide services to help large enterprises assess, optimise and manage their enterprise ICT environments.

Should you be interested in finding out more about Nebula’s services or discussing this research, please send us an email indicating your requirements to ContactUs@nebula.co.za.