Who does IAM truly benefit?
Thursday, February 3, 2011 at 02:57PM Let’s be honest, the Human Resources department at your organization is not there to help you. Sure, they’ll get you a replacement medical card when you put yours through the wash, and they’ll help you locate local doctors in your plan, and tell you how to take a loan against your 401K. But that’s just frosting. What they’re really there to do is protect the corporation and management from lawsuits. That’s the bottom line.
Why do you need to know things like that? Well, here’s why. The way I approach everything and everybody that I interact with is, they’re all a black box. If I know how the black box works, then I know what I need to put into it to get the desired result OUT of it. An old boss of mine was motivated by avoiding scrutiny and never wanting to lift a finger if it didn’t involve retrieving donuts. If I ever needed anything, all I had to do was outline to him what I needed, then my intended path to getting it, and if my plan involved talking to anyone above him in the org chart, he would suddenly get animated and take care of it for me. The rest of the time he simply stayed out of my way. Understanding his motivations helped me achieve my goals. Black box.
An identity and access framework is the same thing. Sure, there are benefits such as SSO, or at least RSO. And it should guide you to the desired landing page and appropriate links based on your role. It should give you that access in a timely manner, once approved.
But really, IAM is there to benefit the organization. Your SSO is the organization’s faster path to your productivity, which makes you feel better about yourself, but it really all about them. The same goes for your automated provisioning. And password reset. Even more of a bang for the org is the stuff you DON’T get, such as access to stuff you shouldn’t. The audit of everything you do, including the requests that are denied. Oh, and don’t forget the automated DE-provisioning. It’s the organization’s security.
It’s like the company Christmas party. It costs the boss a few bucks for booze and finger food, but what do you really get out of it? Now imagine you’re the security chief. Understand the motivations of the organization, and pitch to them what you need in terms of AAA. Black box.