5 ways to get Executive "buy in" for Identity Management
Have you ever had a project go south because your executive team didn't truly support a project? It’s not personal; you simply didn't show them why it should be important to them. Here is a quick list to help you get executive buy in for your identity and access management project.
1. Remove the mysticism associated with Identity and Access Management
Technology executives such as a Chief Information Officer or Chief Security Officer may understand the basics of Identity and Access Management, but the rest of the top executives don't. To them "Identity Management" is making sure the spelling is correct on their business card? When you as the technology expert start talking about anything “digital identity” related, they picture spy movies and bad guys with small body parts they stole to break into a vault. Simplify the conversation to the end user experience. Remind them that good identity management will go unnoticed by the end users. Do your end users hate everything about logging in? Tell them THAT is what IDM can fix... and more.
2. Focus on the business process benefits of Identity and Access Management not the technology
Focus on the key business process functions that are important to the executive team. The Chief Information Officer or Chief Security Officer may have a vested interest in more detail, but the rest of the executive team will not care about the technical speeds and feeds and protocols. Remember, SSO to the non-technical executive only brings up images of ships. Business process benefits are actions that will make or save the business money by increasing productivity in a given business unit.
3. Take a modular approach to Identity and Access Management and break down the conversion to smaller digestible bits that improves the probability of success.
There are many horror stories surrounding identity management projects that become “living monsters.” This is because traditional “big bang” identity management suites tend to require a large capital investments and long term installation durations. Couples this long term installation cycle to the ever changing and dynamic business requirements, and you have the makings of a project monster that will not die. In reality, it is only evolving with the needs of the ever changing business dynamics.
To battle against this, adopt a modular method of deploying smaller projects that can be properly digested by the non-technical executive. Get wins, and you will have a solid foundation for the next module. Create a monster, and lose your executive support.
There are more solutions now available that helps the modular IDM Method. At Directory Services, we talk about “Scale Out identity Management using GreyTower Identity Solutions based on the modular approach.
4. Show how Identity and Access Management relates to executive business goals, not just IT automation
A Chief Information Officer or Chief Security Officer may have a major vested interest in the value proposition of IT Automation benefits like automated user provisioning. The rest of the executive management team is only interested in technology that specifically meets their business goals.
5. Remind them that regulatory compliance and Security Breach Notification Laws are not just technical concerns.
I know this is a touchy subject, but regulatory compliance is a business fact of life. With more than 40 states now enforcing privacy and security breach notification laws, business executives must ensure that they have control of who has access to their data. Guess what? Digital Identity Management is the mechanism for the automated process behind complying with security breach notification laws. Identity and Access Management is also a key element in the Certification and Accreditation process for FISMA, the Federal Information Security Management Act.
These are just a few ideas for getting executive buy in on your Identity Projects. Simply put, we tend to want to share OUR value propositions with the executive team, and hope that they understand enough about user provisioning and other simple digital identity implied benefits for them to calculate RIO. This may get your project launched, but for success you really need actual executive buy in.
Subscribe to this blog here!
Author:Marc Potter
Follow Me on Twitter @mrpotter1
