Automating Broken Processes: The Importance of Fixing the Foundations

As an identity professional with over 24 years of experience, I've witnessed many attempts to automate processes, especially in the realm of identity and access management (IAM). Early in my career, I often told customers that with enough time, money, and ambition, we could make any product or solution work the way they wanted. This mentality led to widespread automation in many organizations, sometimes without truly evaluating whether the underlying processes were effective in the first place. And the honest truth? Automating a broken process is a path to inefficiency, no matter how sophisticated the technology behind it.

Understanding Identity and the Role of Process

In the world of identity management, processes like onboarding, offboarding, and transformations are fundamental. As identity professionals, we’ve been automating these processes for decades, and they’re consistent across most organizations within similar industries. Yet, the issue many organizations face is the lack of introspection into whether these processes are still effective or whether they need to be revisited and optimized.

Far too often, I hear clients refer to their onboarding processes as "unique" or like a "snowflake", thinking that their way of doing things is special. The reality, however, is that most organizations within the same vertical have similar processes. And if you challenge the norms, you’ll often find that onboarding—or any other process—could benefit from streamlining and adopting best practices.

Automating the Right Way

The key to effective automation is ensuring that you are not simply automating a broken process. The goal should always be to first fix inefficiencies before layering automation on top. For example, if you're working in security operations (SOC), you may be building playbooks to automate responses to security events. Or, if you're part of a cloud team, you may automate the provisioning of environments or devices. Regardless of the domain, whether it's identity, security, or cloud management, automating a flawed process will only make things worse.

In my recent article on orchestration, we focused on integrating and automating processes in a way that supports real transformation. In this article, I want to emphasize the importance of building secure, optimized processes before introducing automation.

A Three-Step Approach to Process Improvement

So, how do you avoid automating broken processes? Here’s a simple, three-step approach to building effective processes:

1. Identify and Isolate the Process The first step is to clearly identify the business process you want to audit and automate. Is it onboarding? Offboarding? Event management? Whatever the process is, you must first understand it deeply before taking any action. Analyze how it works today, identify pain points, and determine whether it meets the organization's needs.
2. Get Expert Input The second step is to involve individuals who have expertise in this space. If you’re dealing with onboarding, talk to HR teams or other departments that have experience managing onboarding processes across multiple organizations. By crowdsourcing knowledge from those who understand the process, you gain valuable insights that might be missed otherwise. This step is crucial, especially if you're a consultant or an external party tasked with optimizing a client’s processes. Ask how often they’ve implemented this process in your specific industry or vertical. This step is all about gathering information from those who know what works.
3. Benchmark the Process Finally, once you’ve gathered input, evaluate what the process should look like. Benchmark the process against industry best practices or examples from similar organizations. This step is crucial for moving away from the “snowflake” mentality — common organizations often share the same challenges as others in their field. Identify opportunities for improvement and design a process that is both efficient and scalable.

Conclusion: Automate with Purpose

Automation is a powerful tool, but it’s only as effective as the processes it’s applied to. If you automate a broken process, you simply created a broken automated process. By taking the time to evaluate, fix, and optimize your processes before automating, you can ensure that automation delivers the intended results—improved efficiency, reduced errors, and enhanced security.

?

So, before jumping into automation, remember this simple truth: Fix the process first. Only then should you consider automating it. Once you have a clear, streamlined process in place, automation becomes a tool for scaling efficiency rather than embedding dysfunction.

In conclusion, the best automation comes from understanding the fundamentals, seeking expertise, and benchmarking against proven practices. If you invest the time in fixing what's broken, your automation journey will lead to long-term success rather than short-term complications.