ID Number: G00173687



Identity and Access Management Key Initiative Overview
5 February 2010
 
Ray Wagner  

This overview provides a high-level description of the Identity and Access Management Key Initiative. IT leaders can use this guide to understand what they need to do to ensure secure access to critical resources and support critical business processes.






Browse Topics


Other Options







Contact Gartner






Download Document:

PDF
identity_and_ac...pdf (46KB)

Help with Downloads




Analysis


Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements. This security practice is a crucial undertaking for any enterprise. It is increasingly business-aligned, and it requires business skills, not just technical expertise. Enterprises that develop mature IAM capabilities can reduce their identity management costs and, more importantly, become significantly more agile in supporting new business initiatives.
Return to Top


Consider These Factors to Determine Your Readiness

Enterprises preparing to develop IAM programs, or to improve the maturity of existing programs, should consider the following factors, which may vary significantly from enterprise to enterprise:

  • Current IAM capabilities. A clear understanding of existing IAM capabilities will make it possible to identify IAM technology areas that require functional improvement.
  • Required process and technology requirements. Assessing improvements needed to address identified gaps will enable IT professionals to make informed, prioritized process and technology decisions.
Return to Top


Develop and Mature an IAM Program in Four Phases

Gartner recommends that IT leaders take a four-phase approach to designing, implementing and managing IAM practices that support secure business processes:

  • Strategize and Plan: Define IAM needs, based on a clear understanding of specific requirements, the enterprise's risk profile and ongoing changes in individual behaviors. Establish and communicate the business value of IAM. Identify appropriate technologies.
  • Architect Solution: Consider specific technology solutions, taking into account such factors as authentication strength needs, total cost of ownership, and ease of implementation and use. Consider ongoing market changes, including new delivery and pricing models.
  • Select Solution: Choose technologies to address identified IAM needs, considering established product vendors and service providers, as well as new market entrants. Negotiate contracts with appropriate service-level agreements.
  • Operate and Evolve: Conduct an ongoing IAM program maturity assessment. Consider technology and process changes that may be enabled by improved IAM maturity. Develop and report metrics to communicate the value of IAM projects.
Return to Top




Recommended Reading


The following documents are foundational research to get started with this initiative:

"Consider Identity and Access Management as a Process, Not a Technology"

"A Decision Framework for Initial Identity and Access Management Planning"

"Top-Five Issues and Research Agenda for the Identity and Access Management Professional, 2009-2010"


Return to Top







Browse Topics:
 
Identity and Access Management
IAM Program Management




© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 1265216