Conclusion: Dispelling IMA Myths

I hope that this book has given you evidence of the benefits of proactively managing identity, information about the technologies available for doing so, and a methodology for building an interoperable identity infrastructure in your organization. Still, as you contemplate the work involved in creating an IMA for your organization, you may have some concern that it can really work. If so, you may still believe some of the myths about digital identity and enterprise planning.

The first myth goes something like, "This is great for a smaller organization, but we're too complex for this level of planning." The truth is, the more complex you are, the more you have to rely on interoperability to get strategic value out of identity. Without interoperable systems, you'll find that even the smallest of tasks become huge projects, because they have to be fit into the ad hoc infrastructure that has grown up. Fight this myth by creating a vision and piloting the IMA in a self-contained business unit.

The second myth is just the opposite: "This is great for a larger organization, but we don't have the staff or time to manage this effort." The IMA process can be adapted to even the smallest of organizations. This book has described a process that can be scaled to fit most situations. In small organizations, the IMA effort is made easy by the fact that there are usually a few recognized decision makers and the group arrives at consensus fairly easily because of shared goals. You may already have a good handle on process and identity data, so start with an interoperability framework and some baseline policies. Build a reference architecture and follow it. This will provide a good foundation as your business grows.

The third myth is a variation on the second: "An IMA is great for an organization that has a tradition of planning, but we've always prided ourselves on being nimble." In fact, most organizations that can say this with a straight face do plan, they just don't recognize it as such. The prescription is largely the same as the last myth: don't build a straightjacket. Make the governance process fit your traditions, but set standards and policies to guide system development.

The fourth myth says, "We'll spend all our time planning and none of it executing." This myth misses the point that the IMA should be built to fit the organization and its needs. Pick the places in your organization where having good identity infrastructure would make the most difference. Engage in an IMA process for that piece and then repeat on the next priority. Whatever you do, do something.

The last myth is common in many IT shops: "Interoperability is about buying (or building) the right technology." Many technologists wish this were true and act as if it were. The result is a litany of failed projects that never meet their goals, because they missed the important governance and modeling steps necessary for success. Smart CIOs and IT managers know that good IT is much more than buying the right product.

You'll probably hear other objections as you move forward. Listen to them and tackle them head on. The important thing is to adapt the ideas in this book to your organization while never losing site of the goal: a flexible and interoperable identity infrastructure. Remember that flexibility and interoperability are products of an environment that guides decision making. Create that environment, and you'll get an identity infrastructure that works for your business.