Measurable IAM benefits – an infrastructure task – Part (I)


An investment decision for an Identity Management solution is not based on a “need-to-have” perception, but is increasingly oriented towards measurable IAM benefits: an increase in security levels and in the efficiency of identity administration.

The term “Identity and Access Management” (IAM) includes all aspects of the administration of digital identities. This is initially an infrastructure task which is indispensable to the proper functioning of an organization. It is also a management task, since these activities affect data security and the efficiency of business processes.

The administration of digital entities consists of their initial creation, the provision of identities as a reference (e.g. typically as telephone books), the allocation of digital resources (access control) and controlling their activities. Numerous detailed tasks, such as Password Management, authorization request procedures, administration concepts (distributed administration), the enforcement of security and data protection regulations as well as the synchronization of identities and their attributes in various databases and directories, all have to be taken into account within the framework of administration.

Using suitable administration tools can simplify or completely automate many activities

Routine activities affecting a digital identity’s life cycle, such as setting up a user account for a new employee, the allocation of resources, changes to resource allocations and the deletion of user accounts are all examples of administration procedures which can be extensively automated and are measurable IAM benefits. New employees are usually entered into employee data systems (e.g. SAP). These entries and changes (such as change of workplace) can be drawn on by the employee data systems and automatically turned into user accounts and access authorizations on different systems by provisioning systems (as part of an identity and access management solution). Experience has shown that more than 90% of these routine tasks can be automated. The automation effect is directly measurable. The time required for every administration task (e.g. 5 minutes per administration task) on every system is determined, and the savings are calculated using the average cost per administrator.

An automatic request procedure for identities and resources (workflow) reflects the enterprise’s requests approval procedure. Administration tasks which are not completely automated can be easily and comprehensibly performed in this way – providing resources to members of a temporary project group, for example. This electronic requests procedure saves on administration processes. Without this procedure, requested resources must be individually allocated to end-users manually and separately for each IT system involved (“individual authorization”) after approval. The requests procedure integrated into the Identity and Access Management System does this after electronic approval automatically, synchronously and for all connected systems, based on access rules or for thematically grouped bundles of authorizations. The measurable IAM benefits of this can be calculated from the savings made on the average number of individual authorizations.

Simpler rights administration through roles-based administration

For administration tasks which cannot be done completely automatically, or are done manually via an electronic requests procedure, a reduction in the number of administration processes can be achieved in the case of roles-based administration. Roles are bundles of authorizations instead of individual authorizations allocated to users. A roles hierarchy with rights inheritance mechanisms further increases efficiency.

Reduced burden on help desks through the use of Password Reset Self Service and Password Synchronization is another of the measurable IAM benefits. Savings can be particularly made here through a reduction in the number of calls to help desks. These can be easily established by multiplying the number of calls saved by the length of an average help desk call and its costs.

Easier auditing and reporting

Here the regular cross-platform reports must be distinguished from the ad-hoc reports. The savings can be calculated by determining the time required for reporting for each system for both types of report, and the time and effort involved in manual consolidation. Experience shows that using reporting on a cross-platform tool reduces costs by about 50-80%.

IAM benefits and monetary measurability

Fast provision of resources for internal and external employees can be critical for success (e.g. a partner needs access to resources for the issue of a joint business proposal). High costs can be incurred here if external employees are unproductive. Faster unblocking of blocked accounts (e.g. if a user has incorrectly typed in his password several times) reduces waiting times and increases productivity.

“Measuring an increase in efficiency is usually difficult!”

The situations in which employees are unproductive if they are unable to access certain digital resources must first be defined: This is hard to define in the case of internal (permanently employed) employees because it’s not usually clear how unproductivity correlates to the non-availability of resources. Comparative studies have also demonstrated uncertainties in the order of magnitude which should be used here.

High and clearly demonstrable costs can also be incurred if a new sub-contractor cannot work for several days due to lack of an account or authorization and is unproductive due to being stuck on one concrete task.

Automated processes enable service levels to be improved, due to faster help desk reaction times, for example.

Reduces superfluous user accounts: a central Identity Management System includes reporting functions which enable unused user accounts to be traced and deleted. This reduces outsourcing costs, particularly in the context of IT services, where the outsourcer’s bill is based on the number of user accounts. The savings can be easily calculated from the price per account and the reduction in the number of unused accounts.
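The unused-account report described above, as an added example that is not part of the original post: it reconciles an account inventory against the employees active in the HR system, flags orphaned and idle accounts, and prices the reduction per account. The data, the 90-day idle threshold, the prices and all function names are constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption, not from the original post).
HR_ACTIVE = {"E1001", "E1002", "E1003"}  # employee IDs active in the HR system
ACCOUNTS = [
    # (system, account name, owning employee ID, last login)
    ("AD",   "asmith",  "E1001", date(2024, 5, 28)),
    ("SAP",  "asmith",  "E1001", date(2023, 11, 2)),   # owner active, account idle
    ("AD",   "bjones",  "E1002", date(2024, 5, 30)),
    ("Mail", "cdoe",    "E0999", date(2024, 5, 20)),   # owner no longer in HR data
    ("AD",   "svc_old", None,    None),                # no owner recorded, never used
]
PRICE_PER_ACCOUNT = {"AD": 4.0, "SAP": 25.0, "Mail": 6.0}  # monthly, constructed


def find_superfluous(accounts, hr_active, today, max_idle_days=90):
    """Return (system, account, reason) for accounts that should be reviewed.

    'orphaned' = no active employee owns the account (checked first, since an
    orphaned account is a security finding even if it is still being used).
    'unused'   = owner is active but there was no login within max_idle_days.
    """
    findings = []
    for system, name, owner, last_login in accounts:
        if owner not in hr_active:
            reason = "orphaned"
        elif last_login is None or (today - last_login).days > max_idle_days:
            reason = "unused"
        else:
            continue
        findings.append((system, name, reason))
    return findings


def monthly_saving(findings, price_per_account):
    """Saving = sum of the per-account price for every account removed."""
    return sum(price_per_account[system] for system, _, _ in findings)


if __name__ == "__main__":
    report = find_superfluous(ACCOUNTS, HR_ACTIVE, today=date(2024, 6, 1))
    for system, name, reason in report:
        # Disable first and delete after a review period, so a wrongly
        # flagged account can be restored.
        print(f"{system:5} {name:8} {reason}")
    print("monthly saving:", monthly_saving(report, PRICE_PER_ACCOUNT))
```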

Part (II) Measurable IAM benefits

After looking at the most important benefits of Identity and Access Management in this post, I will continue with another post where I will especially be considering the increased security levels you can achieve with Identity and Access Management and its strategic benefits to the company. For more information on our IAM offering go to
