In order to get projects approved during this economic downturn, many IT directors have to demonstrate an almost immediate return on investment. I have heard of projects not getting approval unless ROI can be demonstrated in six months or less. The good news is that there are some pockets of low hanging fruit in identity management that have a very immediate ROI. But keep in mind the old wisdom of “think big — start small — grow big”. Ideally your quick wins should lead to a broader, transformative strategy to deliver more value.
Consolidation is always a good start. This can save money in staff time, server resources, licensing and support costs. For ROI calculations, the licensing and support costs will usually not translate into savings until a later date, but savings in staff time and server resources are usually immediate. Consolidation projects are also a vital step to get your house in order for a broader strategy to improve efficiency.
This is a good time to review the number of identity data silos in your enterprise and think about consolidating some. One way to do this is with virtual directories.
Often applications are installed with their own directory server. Identity data is then duplicated through provisioning systems or synchronization mechanisms. Virtual directories can help eliminate some of those extra directory servers by allowing multiple applications to have multiple “views” of the data while connecting to the same physical data source.
The Evergreen: Login and password simplification
Most users have a problem with passwords. Not only do they tend to forget them and then need to be helped by service desks to reset passwords, but it becomes exponentially worse when users have multiple different passwords that need to be remembered and changed at different intervals. It should come as no surprise that projects that simplify the password mess are highly visible. The ROI is also well documented. However, comprehensive single sign-on is complex, lengthy and expensive to implement.
When password simplification is done in smaller steps, however, the value can be immediate. Because this has high visibility from the standpoint of the users, the perceived value is usually significant. Focus on eliminating either additional passwords or sign-ons. For example, if two systems are using different passwords, you can think about a password synchronization between the two. If you already have a single sign-on system, there might be the possibility to add applications.
Roles and groups are used to give access to resources and allow users to do things. As more applications are deployed, the number of roles increases.