Roadblocks

Many organizations will fail in their efforts to create an IMA. The following is a partial list of roadblocks that might thwart your attempts in your enterprise.

Mistrust

This is a significant problem in many enterprises. Years of poorly managed projects and expectations may have left business units with antipathy or even hostility toward the IT organization. IT organizations, being made up of human beings, respond in kind. The end result is a dysfunctional situation that sinks any proposal from IT.

You will need to decide whether the process for creating an IMA is one that will help mend that rift or whether other, more fundamental steps need to be taken first.

Fear of loss of control

This fear is often expressed as something else, such as lack of support. IT organizations may fear that they are giving up control of decisions they've always made (like those surrounding security) to business units.

Business units may fear giving up their data. For example, if HR has always maintained the employee database and you start talking about creating a metadirectory where multiple players will have access to or, heaven forbid, the ability to change employee data, you're likely to get significant push back.

Part of the process of creating an IMA is aimed directly at giving everyone a voice and being able to work through these fears. The process should be targeted at creating consensus around key principles regarding identity processes and data, and how they're managed.

Inexperience or lack of training

Being successful requires that everyone understand each other and have a common vocabulary. Beyond that, and perhaps more importantly, each player in building the IMA must have a common set of goals and ideas surrounding what the organization is trying to achieve. The coming chapters addresses these problems.

Compulsion to over plan or find the "best" methodology

"Paralysis by analysis" is perhaps a cliché, but it is nonetheless a very real phenomenon. The roadmap presented in this book offers ample opportunity to get caught up in the process and to cycle over and over on certain points, searching for the perfect process or 100% consensus. Equally deadly is the belief by some organizations and people that success is a product of the methodology, rather than the people and their goals. The process presented here offers considerable room for creating and refining process and methodology. Some organizations get lost in creating the process and never get around to implementing it.

The solution to both these problems is twofold. First, you should have a completion goal set by a high-level executive, the CIO or perhaps even the CEO. Second, the leader of the IMA process must be strong and driven to completing it. At the same time, the leader should be sensitive to fact that the process is designed to bring people to a common understanding about how identity is managed and therefore takes time.

Severe, chronic resource shortages

If your IT organization can't seem to finish projects, has far too many critical projects for the available resources, or has a significant backlog of critical projects, then this should raise a red flag. Finishing the IMA and bringing the identity infrastructure into compliance will be impossible under these circumstances. The IMA will be looked on as one more project, piled onto the already overwhelming burden. Equally important, the business units will not likely see the architecture as a realistic project and consequently not give it the attention and resources that it requires.

The best plan in this circumstance is to attack the more significant project-planning problem head-on and return to identity management once more pressing problems are in hand.

Arrogance on the part of the IT organization—the "we know best" mentality

Let's face it—IT organizations are filled with people who think they know the answer to every problem. I've often joked that programmers and system people are even more inclined than lawyers to thinking they can do anything. Part of the reason for this mentality is that they are, in fact, usually quite bright, and their positions often insulate them from the messy realities of customers and making a profit. This is a blessing and a handicap. The blessing is that they are a source for good ideas and innovative thinking. The handicap is that they frequently express their ideas with less tact than you'd like, and they can decide that they'll force things to happen their way regardless of what people in the business units think.

The process of creating an IMA can help alleviate this problem, as it brings some of these IT people into close and frequent contact with their customers in the business units. Make sure that the thought leaders in your IT organization are part of the process so that they can help convince others of the value of an IMA. Also, be prepared to take appropriate personnel action against those who repeatedly torpedo the process.

Corporate politics and players with other motivations

This is a roadblock that you will have to deal with as it comes up. Unfortunately, you may not understand the motivations of others who fight against you well enough to effectively counter the problems.

The most effective solution is to try to understand the motivations and see if there's some way to reach a compromise. I've been in situations where I never could understand the rationale behind the motivations of others, and no amount of talking led me to a situation that we could both live with. In those cases, the only thing to fall back on is the commitment of executive leadership to the process. This stresses the need to pay close attention to receiving that support and commitment as conspicuously and unambiguously as possible.

Fixation on short-term return on investment (ROI)

Many leaders in IT organizations and business units are overly concerned with short term ROI. That's not to say that ROI is unimportant or that it can be ignored in creating an IMA. Even so, a review of the benefits from the previous section will affirm that many of them are not directly monetary. The benefits from an IMA are not predominantly returned as immediate savings, but as the long-term enablement of new business processes and models.

Be sure not to oversell an IMA as a solution to problems that it will not solve. Be realistic. If executive management can't be convinced by the real benefits, properly explained, then your organization probably isn't ready for an IMA.

Acceptance of the status quo

Some people like how things are and don't have a significant motivation to change them. Overcoming this roadblock will probably require a long and careful campaign to show why the status quo is not as rosy as everyone thinks and to paint a vision for what might be. Don't underestimate the length of time it will likely take to overcome unrealistic satisfaction.

Recent visible failure at IT planning

If your organization has recently attempted a large IT planning exercise that failed, particularly one where the business units were heavily involved, the IMA process will be met with stiff resistance.

This is one problem that only time and several small and medium successes will overcome. A scaled-down process may be a route you can take.