In its research report, IAM Beyond Control, Compliance, and Cost: The Rise of the User, Aberdeen Group described how the strategic focus for enterprise identity and access management (IAM) systems has changed.
Traditionally, the leading drivers for investments in enterprise IAM initiatives have focused on the objectives of control, compliance, and cost. Today, however, disruptive changes in IT are also creating invaluable new opportunities for enterprise IAM systems as a business enabler.
The conclusion was pretty straightforward: by applying enterprise IAM capabilities beyond the traditional population of internal users to the extended enterprise (which also includes business partners, customers, and consumers), the role of IAM as a business enabler can be taken to an entirely new level.
In Q4 2015, Aberdeen conducted a new study on IAM – a look at the use, experiences, and intentions of nearly 250 organizations from a diverse set of industries – which provides some additional insights on this important topic. About half (47%) of all respondents indicated that their investments in IAM capabilities are focused on internal enterprise users only, while the other half (53%) invest in IAM capabilities to support users throughout the extended enterprise.
The research confirms that by focusing strategically on both internal and external users, these enterprises are starting to view their IAM systems as essential enablers for innovation, growth, and new business opportunities. But clearly just wanting these strategic outcomes to happen doesn’t necessarily mean that they’re going to happen. If we continue to do the same things, in the same ways, we’re not very likely to achieve different results – this is, after all, a variation of the “definition of insanity” that is usually attributed to Albert Einstein!
For this reason, it’s not surprising to find that enterprises focused on a broader range of users are also investing more strongly in new IAM capabilities that align with and support those strategic objectives. As seen in Aberdeen’s research, two examples of IAM capabilities that illustrate this notion of “investing for success” are preventing the bad user behaviors, but fast-tracking the good, and streamlining and personalizing the user experience.
Preventing the Bad User Behaviors, But Fast-Tracking the Good
The organizations in Aberdeen’s study that focused on the extended enterprise were nearly three times more likely to support out-of-band authentication, which typically takes the form of a separate phone call or text message to a user’s pre-registered mobile device. This capability can provide the enterprise with a higher level of assurance for specific access attempts or transactions that identity analytics have flagged to be inconsistent with normal patterns of behavior…a complementary capability which the extended enterprise group was also more than two times more likely to have deployed.
From the user perspective, these are examples of new IAM capabilities that give users – both internal, and external – higher confidence that the enterprise is protecting them, which has a positive impact on their propensity to interact and transact. At the same time, these capabilities contribute to minimizing the friction in their daily online experience, which has a positive impact on both user productivity and user satisfaction.
Streamlining and Personalizing the User Experience
In recent years, leading IAM solution providers have introduced innovative user interfaces for making and approving access requests, which in the past has been something that only the more technical and IT-savvy business users could master without direct involvement from IT.
One example is an intuitive “shopping cart” metaphor that virtually all business users are already familiar with as consumers – simply select the access you need from a context-sensitive menu of options, put it in the shopping cart, and with one click, initiate the workflow for approvals and automated provisioning. Investments in these types of innovative IAM capabilities are designed to:
- Simplify the user experience of requesting access
- Automate the approval and fulfillment workflows for provisioning access
- Make it possible for business users to manage typical identity and access lifecycles, without the extra time and expense of specialized IT resources
The organizations in Aberdeen’s study that focused on the extended enterprise were about 1.5 times more likely to invest in automated user provisioning – which not only provides benefits to their users, but also contributes to their ability to support much higher user scale, at much lower per-user cost.
In the next blog, we’ll look at some of the specific ways that a broader strategic focus on users – which, as we have seen, has led to corresponding investments in new IAM capabilities in support of that strategy – shows up in terms of results.
For additional insights, I invite you to check out the full report: IAM for Everyone: How a Broader Strategic Focus on Users Pays Off. Also join me Thursday, January 21, at 1pm EST, for the related webinar, Are You Getting the Most out of your IAM System? Four Ways to Find Out.