Yes, most identity and access management (IAM) companies are trying to convince current Sun Identity Manager customers to migrate to a different product since it is near end-of-life. Migrating to a next-generation identity management software solution would be a very smart decision because there are certainly major benefits to moving away from a legacy solution. Because of the dramatic evolution of identity and access management software over the past few years, it would be foolish to invest in old-school technology that is overly complex and unable to adapt easily as the business changes. Therefore, this is definitely an opportunity for existing Sun Identity Manager customers to improve security and minimize operational issues while empowering business users to own key aspects of security.
Let’s face it, in many areas, an IAM migration project will almost feel like starting from scratch, but the experience gained from implementing and living with a legacy identity management product should help ease the transition to a next-generation solution. I believe there are definitely aspects of a migration that can be made easier the second (or third or fourth) time around, but going for extra credit is where true business benefits are realized. Below, I discuss efficiencies that can be realized during a migration along with key identity and access management extra credit areas that should NOT be forgotten when embarking on a new project.
Migration efficiencies… Even if your existing solution does not technically address all your current user provisioning needs, you should have a good idea of your company’s core needs as well as current gaps. Revalidate the onboarding and offboarding requirements to ensure the new solution is configured properly (yes, I said “configured properly” because if you choose a development platform where you need coding, you have chosen the wrong solution to meet today’s identity governance needs).
Extra Credit… Now that you have chosen a next-generation IAM solution, you can take credit for solving broader business-related onboarding/offboarding issues. Information security and IT folks need to go to the head of the class and truly solve business identity issues and not just technology identity issues.
“This means reaching out to HR, physical security, asset management, legal, etc. to find out what manual identity processes can be addressed with next-generation identity and access management automation and workflow capabilities.”
- Existing application access requirements such as group memberships, distribution lists, database entries, account mapping, etc.
- Workflow requirements defined per application/request type along with the appropriate approvers
- Existing entitlement data, which should already exist in the old solution and can be easily migrated to the new solution
- Internal audit controls that ensure compliance requirements are met
- Notification email templates and wording used throughout the solution
Extra Credit… To realize the full benefits of an identity and access management solution, you should truly broaden the term “access” in access management to include “access, assets, subscriptions and any other service an identity may need.” Next-generation access management software places no limits on what the user can request, and if the request relates to technology, the solution should automate the execution of the request by integrating directly with the target system. This allows for an “actionable” business service catalog that functions as a one-stop shop for your identities. Add this level of capability on top of the legacy application access management system, and you will truly be an A student in your organization.
You Don’t Need To Pay For Harvard If You Just Need A Course On Computer Science… While your organization may have an enterprise agreement with a major software company, by no means should you assume their IAM solution can address your organization’s unique needs around identity and access management. History has shown that this can be a recipe for project cost overruns, unfulfilled security goals and operational impacts. There are many fine best-of-breed providers out there offering some terrific innovation. We’re certainly one. Do your homework and find a company that offers the right course for you.
Follow Ryan Ward, Avatier Chief Innovation Officer and Chief Information Security Officer, on Twitter at https://twitter.com/ryawarr
Avatier Identity Enforcer is the world’s first IT store for self-service provisioning and automated user provisioning workflow. With Identity Enforcer, business users can request and receive access to the assets and applications they need via Avatier’s access management software. With the IT Store, business users can request and receive provisioning as easily as shopping online.