Confessions of an IAM Survivor

written by
Erin Duncan
Identity Governance
May 15, 2020

Confessions of an Aging IAM Survivor

But first, why do so many IGA professionals brew beer? Pondering this life question as I adjust the delivery line lengths in the homemade keezer to get the flow and froth just right from the new Perlick taps I mounted. Laptop on the nearby stool playing the last of 6 in-depth Clear Skye IGA training videos through my IQbuds2 MAX earbuds.


Young TJ, Clear Skye Co-founder and Chief Product Dude, sent over a couple of their recently developed training videos. “Teach an old dog new tricks in 6 simple videos,” he poses in his Slack thread. Challenge accepted. It’s now night three playing and re-playing these. My world as I have known it is slowly being torn down around me.

I have been in the Identity space for over 20 years, primarily because it is interesting but also because there is good money to be made. Why? Deploying good IGA is hard! And having an enterprise realise value from an IGA implementation you have designed and seen through to realisation is even harder. Many of you have implemented an IGA stack or two in our lives, but ask yourselves one simple, honest question: “after x years the enterprise realised and continues to realise y value from my efforts?” When one considers this question under a different lens, what is value?

For some, the value was the months dedicated to building out infrastructure to house this newly acquired additional platform. Or maybe you were leveraging a containerized cloud-based infrastructure configuration we can orchestrate according to load; that spells modern and progressive in one sentence. Yes, we have to manage it, but we can implement associated cool tooling in cloud to assist with that and buy additional SecOps tooling to make us more efficient. Maybe value is the hours I put into developing the underlying extensible meta-model on platform x, and then syncing and transforming all that data to it, just to realise an entity type I could manage? Why wasn’t one of my existing meta-models leveraged? Well, Mr. Customer, the data model we are developing is special, and we don’t have all the required data in one place in the way this IGA stack needs to read it. Better get on with it then. Or was the value understanding all those rules and hierarchical models, then developing policy allowing me to apply a managed RBAC model over the top of provisioning, just to have those rules all change in front of my eyes?

Lifecycle Management is simple. Something is born, it lives, then it dies. Some believe in reincarnation, so we should leave the door open a little for that should it happen. There are people along the way wanting to attest to, report on and test against policy, parts of the lifecycle. There are those keen on automating parts of the lifecycle; there are those wanting to ensure lifecycle management is not equal to trust.

But what if we don’t build that infrastructure? What if the model already exists? What if the policy was adapted from that already existing? And what if we didn’t have to hand over a wheelbarrow of cash to buy yet another platform to manage it all? What if we used existing developers in our existing ITSM world and all lived harmoniously delivering lifecycle management with all its nuances?

So while I got the back pressure across 3 meters of 8mm tubing just right for the perfect head on my home-brewed hefeweizen or IPA, I had an epiphany. Do we need to approach IGA the same way we approach home brew? Mind you, I make the best in the world, but home brew is a hobby, not a crucial security programme. Gartner talks about “Post Modern IGA”. Listening to this training helped me see what that could mean. In all my years in Identity, I have seen the KISS methodology thrown out the window time after time. It’s time to learn new ways, and by joining forces with the guys at Clear Skye and changing the way I think of myself (seems I’m not that special after all), this old dog will certainly turn over a new leaf in the way in which he presents IGA to his clients in the future. There is a better way!
