Governance for Identity Management
This morning I read a Burton Group white paper, “Survey: Getting Started with Identity Governance Management.” Here are a few key items I gleaned from the paper.
Based on Burton’s small survey (20 companies), it appears that some form of governance is in place for many Identity Management initiatives, but ownership of such governance is often unclear and methods for measure governance effectiveness are usually not in place.
Strong governance teams help increase quality and reduce risk. Identity Management governance requires strong leadership. Governance structures should fit the culture and principles of the organization.
Key elements in establishing Identity Management governance are:
- Finding a senior management advocate or sponsor.
- Finding an owner with responsibility and accountability.
- Building a core team including:
- A techie to answer the question, “Is this technically possible.”
- A business process guru to provide information about business processes
- A realist/skeptic to ensure goals are realistic and achievable
- An auditor, to ensure that decisions and policies comply with regulations that may be imposed on the organization
- Building a cross-functional team that includes representatives from all stakeholders, including:
- IT decision makers and technical leaders for directory, networking, e-business and application development
- Information Security management and team leaders or architects
- Human Resources management and team leaders or architects
- Data owners
- Application owners
Properly implemented, governance structures for Identity Management should increase quality, improve response times, reduce incidence of support issues or non-compliance, and increase stakeholder satisfaction.
Tags: Identity
Digital Identity
Identity Management
Governance
Burton Group