Building Your Business Case for an Identity and Access Management Solution – Part 1

Posted on 25 September 2017

Building a business case for an identity and access management (IAM) solution should be a 4-stage process:

  1. Performing a needs assessment
  2. Identifying the baseline
  3. Defining your goals
  4. Creating a financial model

The business case for any proposed IAM project always starts with one fundamental question: Why is it needed? Or, more specifically, what business problems do you intend to solve with IAM? And how will that ultimately deliver value to the organization?

Accordingly, the first step in building the business case is assessing internal needs to identify and prioritise challenges that are likely to drive the most value. It’s important to be extremely specific about the challenge or area to be addressed. The general drivers for action are well-recognised:

  • Compliance mandates
  • Cost reduction
  • Business enablement
  • Risk avoidance

But identifying the things that are specific to your organisation is essential to laying the foundation for a strong business case. The rest of the steps in the process all build on the needs assessment that’s conducted at the very beginning. For instance, if you are in a highly regulated industry, compliance and risk avoidance are going to be major concerns for the executives in your organisation.

Knowing who has access to what applications and systems in the company should be a top priority in order to show the organisation is compliant with regulations and is effectively managing risk. Other organisations may be focused on cost management and seek to lower the burden on the helpdesk by automating password resets and access requests. Improving business productivity can be another important goal if slow, inefficient processes are barriers to getting your business users the access they need.

Key questions

  1. How much risk is your organisation exposed to by not having a clear picture of who can access what data and applications?
  2. How long do business users have to wait to gain access to the systems they need to do their jobs?
  3. Are you facing any issues related to security audit deficiencies?
  4. How many calls to the help desk are you handling related to forgotten passwords?
  5. How much are you spending on proving compliance with regulations?
  6. Are you removing access for terminated employees in a timely manner?

If you would like help putting together your business case for an IAM solution, please contact us.

Taken from the SailPoint white paper, which you can download here – SailPoint-Create-a-Business-Case
