Off late I have been having conversations with customers and colleagues centered about the following - is identity management a necessary evil -from a compliance /security and governance perspective or can it actually stand-alone in value proposition (like CRM systems, HRMS etc).
Usually, identity management software is implemented NOT because the business wants to achieve efficiencies first - but mainly because of the various audit requirements that current laws of the land requires.
Will implementing an identity management solution still be useful - if ALL the security and audit requirements go away. If so, what is the ROI for a business post identity management rollout.
I see the following as issues that will support a ROI model for identity management
- Efficient on-boarding/off-boarding/re-boarding of users - productivity cost associated with these activities
- Password management related activities -Self-Service password management, password resets etc - Cost associated with help-desk
- Paperwork reduction based on electronic approval - very soft cost item
- Rogue account detection that enables license management - Cost is a function of various application licensing matrixes
The questions that arise in my mind based on this issue list is:
- Will this be ENOUGH justification for a CFO to go write a check for identity management deployment?
- What should the vendors be doing in trying to ADD value to the identity management offering that it becomes more of an enterprise business software product and less of a Security software product?
I will post more on this shortly
