A panel of experts told an audience of IT managers in early March that the best way to get users involved in access and identity management is to allow them to participate more actively in the rollout.
Often there is resistance to these types of solutions due to the perception that identity management means loss of control, said Tom Moss, vice-president of technology for Bell Security Solutions Inc. Moss was one of half a dozen panelists speaking at the Identity and Access Management Symposium.
A good way to combat that perception is to give some of that control back to the user base, he said. The benefits of identity management aren’t always gleaned from developing employee access routines to key systems but from keeping the good records and an audit trail that such a system provides. In other words, compliance, not control, is the end result.
Employee buy-in when a such a project is first put on the table is one way to ensure a rollout goes smoothly, said Rosa Caputo, managing director of Toronto-based KeyData Associates, a consulting firm that specializes in operational risk management and regulatory compliance.
“Take the time to do a proper blueprint to get the buy-in,” she said. “Build on your successes every step of the way and give yourself time for small hurdles.”
Use bribery if needed
Some companies are so desperate to get employee buy-in they’ll practically resort to bribery, said Roberta Witty, a vice-president in Gartner Research’s information security and privacy group. In one instance, a firm gave away $25 gift certificates to ensure participation, she said. In another, the threat of chargebacks for help desk calls reduced the degree to which employees could lean on IT support for ID management.
Identity solutions tend to be a source of consternation in the enterprise when one department is more knowledgeable than another, said Warren Shiau, lead analyst of IT research at the Strategic Counsel, based in Toronto.
“Compliance is a big buzzword these days,” said Shiau. The business side of the enterprise is eager to achieve compliance, but they don’t understand the minutiae that goes into an solution to achieve that compliance. As such, they aren’t familiar with the identity management terminology that might be second nature to an IT department, and they have a hard time budgeting for a rollout.
Selecting the right vendor in the first place can ease some of that congestion, said Witty. “Choose your product wisely and choose your systems integrator wisely,” she said. Make sure the product meets your existing needs and is flexible enough to encompass your future needs. Also, “make sure the partner has worked with the product before and you aren’t the guinea pig. I’ve heard too many horror stories . . . where the systems integrator didn’t deliver what they promised.”
The hallmark of a successful rollout out is when one department recommends that another pursue the same install, said Moss. “You’ll find it takes off quite virally when people first find out they’re getting a better, simpler user process.”