One question I usually ask during IAM hiring sessions is “How to sell IAM to business” or “How to convince your Executives for IAM solution”. The answer normally is a long silence or a muddled explanation, confused between security and cost savings, which I believe can never seize the attention of top management.
Not too long ago, Identity & Access Management (IAM) was considered a helper tool for controlling user administration, but thanks to its successful shift from an “IT-centric” technology to a “Business Enabler” technology, IAM projects today have more potential than ever to attract funding, even at a time when budgets for most IT projects remain tight.
The following are some of the key reasons to get approval of an IAM project.
• IAM improves critical processes & reduces operational costs
• IAM consolidates and simplifies the enterprise architecture
• IAM enhances security, risk management, privacy and compliance
• IAM improves user experience and effectiveness
• IAM boosts business agility and profitability
Though all of the above points are valid reasons for an approval, trust me, the key focus of executives will be on Cost Savings :)
The following are two forms of cost savings that can be achieved by running an IAM initiative.
1. Reduced workload of staff
2. Productivity in terms of money
Now the question is, how and where to start these calculations? It’s always tricky to write an IAM business case, but here is a quick explanation.
Before you start the actual calculations, collect some base numbers related to the workforce, i.e.
• Number of users in organization
• Number of work hours per annum per user
• Hours per day
• Number of Help Desk (Service Desk) Staff
• Number of Security Administration Staff
• Number of Access Provisioning/De-Provisioning Staff
• Productivity of a typical business user (in terms of hours)
The next level is to collect operational data, i.e.
• Number of new hires each year
• Number of retirements/resignations each year
• Number of transfers/moves each year
• Average time a new joiner waits to get access
• Average time a mover waits to get access
• Average time spent by requesters/authorizers to fill the ‘access form’ or order access
• Productivity of a user waiting for access (in terms of percentage)
• Number of ‘access denied’ incidents on service desk each year
• Number of password reset requests on service desk each year
• Time spent to resolve service desk incidents
• Time spent on Password reset cases
Now cost savings can be calculated by considering the reduced workload of the following teams:
• Reducing cost on Security Administration staff
• Reducing cost on Service Desk staff
• Reducing cost on Provisioning/De-Provisioning teams (In case of Automatic Integrations)
As we also have operational data in numbers, i.e. a typical business user’s productivity, the time required to get access, the productivity of a new user while waiting for access etc., we can easily calculate the following cost savings.
• Value of productivity increased due to the immediate access of new joiners
• Value of productivity increased due to the immediate access of moved/transferred staff
• Cost saved due to the time saved for requesters/authorizers
• Cost saved due to reduced service desk incidents related to ‘Access Denied’
• Cost saved due to Password reset requests for forgotten/locked passwords
• Cost saved due to proper de-provisioning of user accounts (User Licensing cost)
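A minimal model of the calculation described above, as an added example (not the author's own spreadsheet or method). The formulas, the reduction shares and every figure in `SAMPLE` are assumptions made for illustration.

```python
# Added illustration: formulas and all figures are assumptions, not taken
# from the article. Replace SAMPLE and REDUCTION with your own data.

SAMPLE = {  # constructed numbers
    "hourly_value": 40.0,          # value of one productive user hour
    "helpdesk_hourly_cost": 30.0,  # loaded cost of one service desk hour
    "hours_per_day": 8,
    "new_hires": 200, "joiner_wait_days": 3,
    "movers": 150, "mover_wait_days": 2,
    "waiting_productivity": 0.25,  # share of normal output while waiting
    "access_requests": 1000, "form_hours": 0.5,
    "access_denied_incidents": 600, "incident_hours": 0.5,
    "password_resets": 4000, "reset_hours": 0.25,
    "leavers": 120, "orphan_rate": 0.5, "licence_cost": 100.0,
}

# Assumed share of each current cost that the IAM project removes (0..1).
REDUCTION = {
    "joiner_productivity": 0.5, "mover_productivity": 0.5,
    "request_forms": 0.5, "access_denied": 0.5,
    "password_resets": 0.75, "orphan_licences": 1.0,
}

def baseline_costs(d):
    """Yearly cost of the current (pre-IAM) process, per category."""
    if not 0 <= d["waiting_productivity"] <= 1:
        raise ValueError("waiting_productivity must be between 0 and 1")
    # Value lost per day by one user who is waiting for access.
    wait_day = d["hours_per_day"] * (1 - d["waiting_productivity"]) * d["hourly_value"]
    desk = d["helpdesk_hourly_cost"]
    return {
        "joiner_productivity": d["new_hires"] * d["joiner_wait_days"] * wait_day,
        "mover_productivity": d["movers"] * d["mover_wait_days"] * wait_day,
        "request_forms": d["access_requests"] * d["form_hours"] * d["hourly_value"],
        "access_denied": d["access_denied_incidents"] * d["incident_hours"] * desk,
        "password_resets": d["password_resets"] * d["reset_hours"] * desk,
        # Leavers whose accounts are never removed keep consuming a licence.
        "orphan_licences": d["leavers"] * d["orphan_rate"] * d["licence_cost"],
    }

def iam_savings(d, reduction):
    """Apply the assumed reduction share to each baseline cost."""
    savings = {}
    for name, cost in baseline_costs(d).items():
        if not 0 <= reduction[name] <= 1:
            raise ValueError(f"reduction for {name} must be between 0 and 1")
        savings[name] = cost * reduction[name]
    savings["total"] = sum(savings.values())
    return savings
```

Keeping the reduction shares separate from the baseline lets you present executives with a conservative and an optimistic scenario from the same collected numbers.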
There can be a lot more scenarios, depending upon the organizational use cases and project scope, but I hope this is a good start to get approval of an IAM project.