Building a business case for an identity and access management solution – IIII

Building a business case for an identity and access management solution – IIII

In the final of our 4 posts on building a business case for an identity and access management solution, we look at creating a financial model. To recap, building a business case for an Identity and access management solution should be a 4 stage process:

  1. Performing a needs assessment
  2. Identifying the baseline
  3. Defining your goals
  4. Creating a financial model

Create the Financial Model

Calculating business value involves the process of weighing the benefits of a project against its costs. Estimating costs is a matter of thinking through every aspect of how the project will unfold and any associated costs.

You need to first account for implementation: the hardware, software, personnel or other resources you’ll need to get the IAM solution up and running. Once that phase is complete, the maintenance costs you expect to incur from those same areas (or any additional ones) also need to be included in your model.

Your next step is to quantify the project’s benefits. You will need to document the specific improvements and how you will save the organisation money with a new IAM solution:

  • How much will you save by reducing compliance costs?
  • How much will you save by reducing help desk incidents?
  • How much time will you save users waiting for access?

Assigning a value to each of the areas in which you will add value to the organisation for:

  • Compliance
  • IT operations
  • User productivity
  • Security risks

This will add a measurable value to the business case that executives can not only understand in a moment, but also get excited about. Cater the business case to what your executives expect and want from an IAM solution while also satisfying the needs of the organisation.

Measuring the value

Once you understand the costs and benefits associated with a project, there’s more than one way to measure its value. Every organisation has its own preferred financial metrics. It may be based on the payback period, i.e., how quickly the investment in the project can be paid back in terms of months or years. It may be based on the return on investment (ROI), i.e., how quickly it can be paid back in terms of the valued time or funds invested.

The key is to align the financial model with the benchmarks that management expects to see. Payback period and ROI are typical metrics used by many organisations and are both easy calculations to include as a part of your financial model.

Ask yourself these questions:

  • What does the implementation phase look like in terms of both costs and benefits?
  • How will the benefits of implementing IAM impact your current team’s workload?
  • What kinds of costs are you currently incurring that you may be able to avoid?
  • How is IT and the business going to maintain the program after initial implementation?
  • What type of software/hardware technologies will you require?
  • What will the cost of implementation services to deploy the project be (whether they are out-sourced or staffed internally)?

If you would like help putting together your business case for an IAM solution, please contact us.

Taken from the SailPoint White paper, which can be downloaded here.