How to begin building a modern IAM architecture: Part 4 of 4
Congratulations Reader, you’ve made it to the last part of my four-part blog series on enterprise patterns for modern IAM! The journey started a few weeks ago, when I discussed principles that inform this approach to modern IAM. We then moved on to exploring ways to optimize controls for the different kinds of systems that modern IAM needs to protect and enable. Last week we explored a notional architecture for modern IAM. And this week we end at the beginning or, more accurately, with how to begin one's journey to building a modern IAM architecture in one's own organization.
How to begin
Delivering the kinds of dynamic IAM capabilities the modern enterprise requires will not happen in a single step. One does not simply wave a wand and transform their existing IAM architecture into a modern one… nor will replacing a single component in that architecture transmute IAM tech debt into a future-proof solution. There are several steps one should consider taking:
Perform a “Four Component” analysis
As an exercise to better understand how to categorize IAM capabilities, I proposed that all IAM architectures had four components: policy, data, orchestration, and execution. Additionally, I proposed a way to walk through one’s IAM infrastructure to identify what capabilities were applicable at which times of use, as well as which capabilities were ripe for augmentation versus those that were ready for replacement. Performing such an analysis is a useful early step towards enacting the kinds of change needed to deliver more dynamic IAM capabilities.
Evaluate data management capabilities
Building the kind of data tier needed to power a modern IAM infrastructure fit for a dynamic enterprise requires more formal data governance and management capabilities than most IAM teams have on their own. Until such time as fit-for-purpose IAM data tiers exist in the market, IAM teams will need help. Security peers might have some insights from their experiences working with security data lakes. More likely, IAM teams will either need to enlist the services of enterprise data teams, if they exist, or cultivate data skills internally. Regardless, IAM teams should evaluate what their own capabilities are, what enterprise data platforms are available to them, and where they can get help within the enterprise.
Software Engineering Leader | Application & Platform Development | Expert in Cloud, Security, IAM, and Digital Transformation | Fintech & Healthcare Technology | Cultivating High-Impact Teams
4 months ago
Love this, captures the clear and concise path
CEO at AKA Identity | Creator, Catalyst, Community
4 months ago
Thanks for clearing the path on how organizations can build a modern IAM program!
- Perform a “Four Component” analysis
- Evaluate data management capabilities
- Build an event-based “sensing” network