Data is found at every point in the process and just about everything inside of the IAM systems relies on that data. While we might sound like a broken record, the better shape your data is in, the more successful (and easier, faster, cheaper, and less painful) your IAM implementation and ongoing operations will be.
It’s important to make sure your IAM solution provider, as well as your organization, allocates time early in the project to perform the necessary analysis of the state of your data and processing needs. This allows you to proactively identify potential issues, gaps, or other anomalies and gives you an opportunity to put the necessary mitigation plans in place early on.
In our previous post, we discussed some of these major challenges frequently observed in organizations regarding their IAM systems and the critical data that flows through them. The final installment of our data series will dive into how to mitigate these challenges.
Here are our top three best practices to set your organization up for a successful IAM implementation and reduce the likelihood of data issues derailing your project.
Top Three Best Practices for a Successful IAM Implementation
1) Data Checks and Circuit Breakers
Periodically, your source data and associated data structures will change as your organization and the technology systems supporting it change. While sometimes your IAM team will be notified, chances are this won’t always be the case. That’s why you can’t rely solely on establishing good communication practices between your different system and business owners; your IAM system needs to have built-in protections.
So, whether you believe the old adage “trust, but verify” or the newer spin of “don't trust, verify,” your organization should build a number of checks and thresholds into your data consumption processes of the IAM system.
The idea here is that your IAM system should be able to catch most data irregularities and stop bad data before it breaks things downstream. Putting simple checks in place, like thresholds for the minimum and maximum number of changes since the last processing run, attribute match checks, and checks on filenames and system connections, can go a long way towards accomplishing this goal. While this takes a bit of extra time and processing, it’s significantly less time than you’d sink into recovery efforts if you were to process bad data into your IAM system.
It is important to note, however, that your organization cannot prevent or catch every data issue that will confront your IAM system. Thus, it’s crucial to have a recovery plan in place to correct any potential issues as quickly as possible. While every data issue will have its own unique challenges, putting a general game plan in place gives your organization a clear starting point in what would no doubt be a very chaotic event.
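The checks described above, sketched as an added example (not code from any IAM product): a filename check, an attribute match check, and a change-count circuit breaker run against the last accepted snapshot before anything is applied. The feed layout, the filename pattern, the thresholds and the name check_feed are assumptions made for illustration.

```python
import csv
import io
import re

# Assumed feed layout and filename pattern (hypothetical; tune per source system).
EXPECTED_COLUMNS = {"employee_id", "email", "department", "status"}
FILENAME_PATTERN = re.compile(r"hr_feed_\d{8}\.csv")

def check_feed(filename, feed_text, previous, min_changes=0, max_changes=2):
    """Compare a feed with the last accepted snapshot.

    Returns (ok, reasons, changes); the caller applies `changes` only if ok.
    """
    reasons = []
    if not FILENAME_PATTERN.fullmatch(filename):
        reasons.append(f"unexpected filename {filename!r}")
    reader = csv.DictReader(io.StringIO(feed_text))
    columns = set(reader.fieldnames or [])
    if columns != EXPECTED_COLUMNS:
        # Attribute match check: stop before keying on a column that may be gone.
        reasons.append(f"attribute mismatch: missing {sorted(EXPECTED_COLUMNS - columns)}, "
                       f"unexpected {sorted(columns - EXPECTED_COLUMNS)}")
        return False, reasons, {}
    current = {row["employee_id"]: row for row in reader}
    changes = {
        "add": sorted(current.keys() - previous.keys()),
        "remove": sorted(previous.keys() - current.keys()),
        "update": sorted(k for k in current.keys() & previous.keys()
                         if current[k] != previous[k]),
    }
    total = sum(len(v) for v in changes.values())
    if not min_changes <= total <= max_changes:
        # Circuit breaker: too few or too many changes since the last run.
        reasons.append(f"{total} changes outside [{min_changes}, {max_changes}]")
    return not reasons, reasons, changes

# Constructed sample data: last accepted snapshot and three incoming feeds.
HEADER = "employee_id,email,department,status\n"
ROWS = [f"{i},user{i}@example.com,Finance,active\n" for i in range(1, 6)]
PREVIOUS = {r["employee_id"]: r
            for r in csv.DictReader(io.StringIO(HEADER + "".join(ROWS)))}
GOOD = HEADER + "".join(ROWS[:4]) + "5,user5@example.com,Legal,active\n"
BLANKED = HEADER + "".join(r.replace("Finance", "") for r in ROWS)  # upstream bug
RENAMED = GOOD.replace("department", "dept", 1)  # source changed its schema

if __name__ == "__main__":
    for name, feed in [("hr_feed_20240102.csv", GOOD), ("hr_feed_20240103.csv", BLANKED),
                       ("hr_feed_20240104.csv", RENAMED), ("export.csv", GOOD)]:
        ok, reasons, changes = check_feed(name, feed, PREVIOUS)
        print("APPLY" if ok else "HALT ", name, reasons or changes)
```

A halted feed should be held for review rather than discarded, so the reasons list can feed directly into the recovery plan.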
2) Less is More
When it comes to identity data, less is more. We recommend using a whitelist approach where the IAM system will only consume or add the minimum set of data attributes necessary for performing core IAM functions and required by target systems and applications.
Start with the absolute minimum number of attributes, and scrutinize each additional request, considering the benefits and risks of adding it. Keep in mind, you can always add additional attributes later on if needed.
To guide you through this process, you should leverage your data governance policies and procedures, and document any changes in data processing that may occur.
When it comes to data governance, your IAM team should have frequent conversations with business owners, key decision makers, and appropriate leadership representatives within your organization regarding what data is needed, by when, and from whom. Don’t shy away from including those who are likely to be most “difficult” in the conversation; it’s harder for naysayers to throw up roadblocks when they were part of the process.
Working out the details and getting everyone on the same page can take significant time, so it’s important to begin these conversations early on. Start by discussing the most critical data elements, so you can establish the basic functions of the identity system.
To avoid confusion and enable people to verify information, communicate before, during, and after data discussions. Additionally, keeping detailed records and reporting on data elements and access maintains transparency about where data is located and who can access it.
Following the best practices outlined above, combined with proper planning, can go a long way towards mitigating risks and challenges during your IAM implementation. Additionally, good communication techniques are key to reducing confusion, misunderstandings, and obstacles throughout the project. And, in the event that an incident does occur, it will be much easier to understand where and how it happened.
Regardless of your organization’s makeup, data challenges are bound to cross your path at some point during your IAM implementation and operations. However, being aware of these challenges and how they can affect your IAM system will put you one step ahead.