.

Identity Management and the Second Half of the Chessboard

By Hanno Ekdahl, Founder, Idenhaus Consulting, Inc.

Ray Kurzweil coined the phrase “second half of the chessboard” when describing the point where an exponentially growing factor begins to have a significant economic impact on an organization’s overall business strategy, in particular with regard to technology. Small issues in data quality, solution design, and processes become a force multiplier at scale, driving both bad results and dramatic, profit-robbing inefficiencies.

Ray’s chessboard allusion is to the legendary story about a man who performs a great service to a king, after which the king asks how he can repay the man. The man presents the king with a chessboard and asks for a grain of rice that doubles each day for each of the 64 squares on the board. The king agrees; however, he doesn’t realize what he’s signed up for.  The sequence begins easily enough: 1, 2, 4, 8, 16, 32, 64, 128…but on the last day the king owes more rice than the world produces in a year.

Innovation is driving a frenetic pace of change, and every day it seems like new services develop to meet evolving consumer needs. These new services also drive an explosion of devices and applications, producing vast amounts of data to manage. As a result, the IT landscape today is dramatically different than just a few years ago. In a world of exponential change, organizations need a way to manage this complexity at scale and provide a foundation to support the radical transformation of their business. If now is not the time for constructive disruption to get a handle on user identities, then I don’t know when that time would be.

“Things only get crazy in the second half of the chessboard.” -Ray Kurzweil

Crossing Over to the Other Side of the Chessboard

Looking at this IT-themed chess board, at some point in our journey we will find ourselves in the middle of it all. How will it be to live on the second half of the chessboard? With the advantages Identity Management provides, we have an opportunity to reduce costs by automating user administration and compliance, drive new profits with a better end user experience, and build a scalable, robust solution to drive future innovation by managing operational complexity. In order to get there, we need an end-to-end solution that is built on high-quality user data.

Organizations often overestimate their data quality and downplay the implications and impact of poor-quality data on the business. The consequences of bad data may range from significant to disastrous as these small issues become unmanageable at scale. Data quality problems can cause projects to fail, result in lost revenues and diminished customer relationships, and drive high levels of customer turnover. Regulatory compliance is one area where data quality problems become visible, as businesses are routinely fined for not having an effective regulatory compliance process. High-quality data is at the heart of compliance and is also required to deliver on the promise of your Identity Management solution.

Food for Thought:

  • Bad data quality is a self-inflicted wound.
    • Bad data and poor results from using that data can lead to a loss of confidence from your end-users and customers. Organizations that do a bad job of managing customer identities will see high levels of customer churn; driving up acquisition costs and reducing the lifetime value of each customer.
  • Poor data quality hamstrings IAM/IGA projects.
    • IAM/IGA projects almost always begin without any consideration of whether there is enough quality data to support program objectives (e.g., Role-based Access Control, workflows, access reviews), or whether the data that exists suit common use cases. There are many assumptions made without even looking into the data, which leads to a massive investment in a project that is doomed from the beginning.
  • Customer Identity Management
    • The majority of organizations fail to integrate external information, either because it’s not accessible due to privacy concerns, or because it is time-consuming to collect. Third-party data can tell you a lot more than you imagine about your external identities; we recommend taking a look at solutions like Seczetta to help in this area.
  • Use ETL to Evaluate and Clean Up your data.
    • A set of tools termed Extract, Transform, and Load (ETL) can be used to help evaluate data across systems. If your applications and systems are not integrated with your IAM solution, the data in these systems is rarely updated. By comparing user attributes from your HR system, Active Directory, IAM, and key applications, you can flag attributes that are out of sync and true up the data so it is accurate and up-to-date.
  • Access reviews are fundamental.
    • Implementing an access review solution, such asSecurEnds, exposes entitlement creep and orphan accounts in endpoint systems. Once unnecessary accounts are identified in the access review process, they can be removed or disabled.
  • Build a Data Dictionary.
    • A Data Dictionary is a repository of user attributes across an organization’s core systems. It includes information about which systems are authoritative for specific user attributes, the attribute naming convention across systems, any required data transformations between systems, and the format in each system. It may also include relationships of a data item to other data elements, default values, as well as minimum and maximum values.
  • Take a Systems Perspective.
    • Approach data quality issues from a systems perspective. How do your processes align with your data quality goals? Does your HRIS system support data validations? How do user interfaces support data quality for your HR administrators? For user-administered data?

In Conclusion

As identity management technologies advance, they provide new options for organizations to scale and combine the benefits of automation with the mass customization of services.  Scaling up an enterprise-class environment to enable effective standards usage across a spectrum of operational contexts, while supporting customization where necessary is vital to delivering tailored services to business units and customers.  This ability to customize at scale is new, and provides an opportunity to meet more customer requirements without additional infrastructure or compromising security. Delivering technology innovation to scale requires a design that is flexible enough to be used in a variety of contexts and robust enough to retain effectiveness.

Hot Topics

Related Articles