IAM is a Journey, not a Project

In our recent CIO Roundtable tour, a question about Identity and Access Management that emerged in every session was, “where do I go from here?”  It is one thing to talk about the theory of IAM; it is quite another thing to actually implement it in your enterprise.

My advice to the Roundtable participants and to you is this, “IAM is a journey, not a short-term event. Enterprises must begin to approach compliance as a long-term program, not a single project.  Take stock of where you are now, set objectives for where you want to be in the future, and execute your strategy in stages.”

To illustrate this process, the white paper I recently wrote, Identity and Access Management: Enabling HIPAA/HITECH Compliance, proposes thirteen best practices for approaching the application of IAM to HIPAA/HITEC compliance efforts.  Recognizing that IAM is a journey, not a project, is one of the best practices.

Think program, not project. HIPAA/HITECH compliance is a journey, not a short-term event. Enterprises must begin to approach compliance as a long-term program, not a single project. An effective and holistic compliance program should also incorporate governance and risk management. Boards of directors and executives are frequently being held to higher standards than ever before as they are expected to be knowledgeable about, and held liable for, everything going on within the enterprise.

roadmap

The step-by-step process depicted above doesn’t fit everyone.  It only serves to illustrate the need to for defining your IAM journey as a series of phases subdivided into measureable steps.  Our experience has shown that those enterprises who follow this basic process usually succeed, while those who attempt to do much all at once, or focus on one small tactical project, often fail to realize the benefits of a well-executed IAM strategy.

Happy trails!  (I couldn’t resist that last comment, even though the “happy trails” comment in my previous post dealt with airline travel, not IAM journeys.)

Comments:

Post a Comment:
Comments are closed for this entry.
About

Discovering Identity was founded on blogs.sun.com in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at DiscoveringIdentity.com. In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.


The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today