May 23, 2019 By Marc von Mandel

co-authored by Jill Dhillon

Every chief information security officer (CISO) knows that identity and access management (IAM) is a critical component of safeguarding the organization’s systems, data and applications from unauthorized users. But IAM programs are becoming increasingly challenging because of the complexity that comes with more devices, applications, information, users and data privacy regulations.

Organizations need new and innovative solutions to these challenges and a way forward to develop tools that will meet user needs, provide long-term business value, reduce IT management costs, enhance employee productivity and increase compliance efficiency.

Apply Enterprise Design Thinking to Identity and Access Management

I sat down with Jill Dhillon, global director of Enterprise Design Thinking for IBM Security, to talk about how organizations are using Enterprise Design Thinking to uncover and solve modern IAM challenges. Here’s what she had to say.

Question: How can clients use Enterprise Design Thinking to uncover modern identity and access management challenges?

Dhillon: Enterprise Design Thinking helps us identify the right problem to solve. So, in other words, we start by framing the problem to generate alignment and begin the work. How do we frame the problem? One option is to take a stakeholder mapping approach, which will include sponsor users who are experiencing the challenge.

We conduct user research and bring the insights into the design thinking session where we collaboratively refine the problem statement further if warranted. We move forward from there and dive more deeply into the problem as a group, then use a variety of structured, highly interactive activities to prioritize ideas and ways to solve the problem.

How does Enterprise Design Thinking build stakeholder buy-in for these new and innovative ways of managing identity?

With complex technological environments, often teams don’t have the opportunity to cross-communicate or collaborate deeply in a real-time sense. They are working in silos, and often asynchronously. Whether it’s executive leadership, middle management, engineering or people who are client-facing, there can be impacts and barriers to progress. Enterprise Design Thinking allows us to dissolve those silos, listen to one another and craft solutions collaboratively in an accelerated way. Engaging users is an additional stage we infuse when we practice design thinking as it enables us to learn about their current experience and generate tremendous amounts of insight, which influences the solution design.

The approach also affords an anonymized, democratized way of sharing points of view. So, for example, if a stakeholder has more information than another stakeholder or a leader has a specific target or agenda, it gets shared, discussed, diverged and converged with other points of view. The approach enables alignment where all expertise and supporting data is leveraged and considered through use of the design thinking framework. We have a chance to talk about these points of view, pull them apart, put them back together and then come up with a game plan that makes sense based on all the dynamics and all the information that comes forward in the process.

In terms of IAM, so many of the challenges can be addressed in a programmatic approach. Enterprise Design Thinking allows stakeholders to see into the various levels and co-create solutions that are needed to get the whole IAM program to work. It’s about dissolving the silos, working collaboratively and getting a line of sight into the entire end-to-end experience for IAM.

How would you start an Enterprise Design Thinking for IAM session for a client?

We start with the client innovation teams and collaborate across the organization with all subject matter experts. This session focuses on strategy, which results in a programmatic approach and phased road map with specific activities and tasks required for implementation.

A key success factor for any design thinking initiative is enlisting executive sponsorship. Programs are most successful when these leaders are highly visible, collaborative and willing to provide feedback on an iterative basis. IAM leaders and their stakeholders are usually eager to participate because they co-create solutions and actionable takeaways with owners, as well as accountability. They learn about barriers, how to manage risks in a more informed way, and how to build communication channels with direct and instant feedback. It accelerates everything for the organization and helps enable change management approaches in new ways. There often are much higher levels of success, such as quicker implementations, reduced risk and cost savings.

We had a client recently that had a pilot in flight. They wanted to host a series of design thinking sessions to bring more subject matter expertise to the table, calibrate the pilot, and learn how users were experiencing it and how they could expand the pilot in future release cycles. In just a couple of days, with about 15 people supported by good workshop design, this client said they would have never been at this stage or accomplished all the strategic work without Enterprise Design Thinking. It would have taken them months or even years, and they wouldn’t have had all the insights that led to a highly improved next iteration.

So, Enterprise Design Thinking was an accelerator and provided a feasible action plan. It’s all about feasibility in relation to impact and solving pain and inefficiencies. When you have a workable action plan, you can align resources for future implementations.

Ultimately, it’s people that are designing the technology, and we need human-centered design when solving problems. The more direct user insight we can bring into the sessions, the more effectively we can solve the challenges with people, process or technology. Often, we’re working with the context and complexity of all those dynamics at play. They are addressed as part of the overall solution as well.

Innovate to Solve Modern IAM Challenges

With Enterprise Design Thinking for IAM, security and IT teams can uncover and solve modern IAM challenges in an innovative and unique way. The framework guides stakeholders to frame the right problem and collect valuable insights from users, and it helps them craft more effective solutions collaboratively.
