Companies are taking an “identity centric” view of IT controls and making investments to . However, not all investments are successful. Over the last few months, I have spoken with multiple industry leaders at conferences, interacted with prospects during demos and worked closely with customers during implementations. Every so often I get to hear about failures security leaders had with in their career. While the list of reasons for a particular project failure can vary, I do see a recurring theme across most botched implementations.
Complexity & Cost:
Today’s human or service identity sprawls across cloud, , BOT etc. User identities exist in different forms within different systems and the governance solution has to synchronize these and provide a single identity for each business user. For example, procurement may have an expenses system that uses email address and password, and marketing may use active directory login credentials to authenticate users into their system. With these complex technological environments legacy off-the-shelf solutions need extensive customization to accommodate today’s identity use cases. Projects are sold on implementation prowess of the consulting team and grand vision.
Lack of Adoption:
The success of any product relies on its unanimous adoption by end users, and identity solutions are no exception. The solution should make life easier for the users, not harder. Many product companies mistakenly believe product features and customer needs are the same. I don’t remember the last time I used many preset cycles on my washing machine? Identity products are not any different. Users hate cluttered interfaces and features which dazzle but rarely add any value. Many vendors in their haste to improve upon the Minimum Viable Product (MVP) extend the basic functions, and end up with a product that does many things. The essential function gets lost. Unfortunately, this extensive functionality challenges end users to memorize all the capabilities and features the platform provides. Inertia sets in, and the adoption stops. There is no dearth of examples where governance solution “went live” but was inevitably scrapped for the previous status quo, usually an Excel and SharePoint solution.