Many Identity Management efforts –including large programmes– are severely limited by the way organisations perceive their requirements. Demand for change and technology upgrades drive the IAM projects while Security and Business benefits are left in the background or even ignored.
It is evident that IAM is still seen primarily as a “technology” to improve user experience or resolve provisioning issues, but not as part of overall transformation or as enabler of the Digital Agenda. To address these issues it is necessary to explain the multiple areas where IAM is relevant, in particular contributing to Risk Mitigation and business transformation.
When working on IAM or more generally Security programmes, a Risk and Trust management perspective is essential. It is important to cover all aspects of the problems we want to resolve so that organisations move beyond their initial focus on technology and user management. To do this, I propose an “expanded frame” where Risk and Trust are correlated and where Identity management objectives can be seen in the context of business strategy. The attached slides present this approach, based on previous work which you can find in this website.
The following slides summarise the expanded Risk and Trust Management Frame.