Products and Solutions

Identity for Modern IT: Balancing Provisioning and Integration in IAM

May 03, 2016 | by RSA |

With the introduction of RSA Via Lifecycle and Governance 7.0, RSA Vice President of Engineering and Product Management Jim Ducharme emphasized "make it easy" as one of the four main themes for this latest release, particularly in the areas of onboarding new users and integrating new applications. Research from the Aberdeen Group on identity and access management (IAM) provides insight on the importance of balancing integration and provisioning tasks and underscores the importance of identities in modern IT.

Based on a study of nearly 140 enterprises, the following figure shows the distribution of how many business hours are typically needed to provision a new user identity, provision user access to a new application, integrate a new role into the enterprise IAM system, and integrate a new application within the enterprise IAM system.

RSA Graphic

Provision a New User Identity

Most people would agree it is necessary to get users up and running in IAM systems as quickly as possible, especially when it comes to new employees. According to Aberdeen's study, about three in five companies make this happen in eight business hours or less, but more than one-third took as long as an entire business week.

As unproductive as it is for new users to be idle for this long, this could just be a one-time occurrence when onboarding new workers. Ideally, companies will make quicker work of provisioning users with access to the applications required to do their jobs-a process that happens frequently over time.

Provision User Access to a New Application

Unfortunately, many companies are lacking in this area as well. In Aberdeen's study, the time to provision a given user with access to a new application was similar to the time to provision his or her identity. About two-thirds of respondents complete this task in one business day or less.

The difference between these two tasks is that users will typically ask for access to new applications multiple times in their tenure-not only when applications are added to the enterprise portfolio, but also as users change roles over time. When you calculate the cost of unproductive time when workers don't have access to applications, the cost of these delays starts to look like a big deal.

Integrate a New Role Into the Enterprise IAM System

What about adding a new role into the organization's IAM system? This is an example of an integration-related task, and the distribution of responses in Aberdeen's study was basically flipped from the results of provisioning tasks. Just 30 percent of respondents achieve this task in one business day or less, while 70 percent take as long as four work weeks. This capability often supports the organization's strategic objectives for flexibility and agility, so it is clear how poor IAM can be a hindrance to an organization.

Integrate a New Application Within the Enterprise IAM System

This area was arguably the strongest example of where IAM needs to be made easier. The survey responses showed an essentially uniform distribution. It was just as likely for this integration to take up to four work weeks as it was to take one business day. Because of the size and complexity of the typical portfolio of applications involved in modern IT, the ability to integrate new applications with IAM can have a material effect on the organization's ability to execute.

It's interesting to note that when trying to simplify IT, companies seem to have placed the greatest emphasis on the provisioning tasks associated with IAM systems. The result of this is that the organizations are forcing IT and development staff to shoulder challenges on the application and integration side. Both aspects are important, however, especially when adopting the perspective of IAM as a business enabler rather than merely a means of enforcing policy and control.