Friday, April 26, 2024

No plan survives contact with reality

I just finished watching a webinar about Future Proofing Identity and Access Management. Lots of good thoughts, but one of the key things I took away, which was never explicitly addressed during the presentation, is that somewhere between 50-70% of the time was dedicated not specifically to IAM/PAM, but to the difficulties almost all organizations have in getting projects across the finish line.

Unclear scope, problems with team cohesion, lack of early buy-in of all departments involved, resistance to change after a project is partway finished, etc., are all problems regardless of what technology is being addressed. Also critical is that most projects are not as freestanding as we would like to believe. A particular technology such as IAM/PAM is dependent on, for example, SSO, which might not even be involved in the IAM discussion because it's seen as separate.

There aren't any magic bullets to fix this, but it does suggest that no significant IT/IS project should ever be undertaken without continuous access to a resource with really good project management skills. Whether that's a part-time person out of the PMO or that's a person from IT/IS with some good cross-training has to be determined and will vary from organization to organization and in some cases from project to project.

I want to make a callout to @Guidepoint Security for a great monthly series of webinars on various topics. There's no way anyone in cybersecurity can be an expert in everything, or even most things, but we all benefit from having enough knowledge to understand what someone else is telling us.
