Supporting organizations in selecting and implementing Identity and Access Management technologies: The IAM Services Assessment Model

This chapter investigates how organizations can be supported in selecting and implementing Identity and Access Management (IAM) services. Due to the ever growing number of applications that are being used in organizations, stricter regulations and changing relationships between organizations, a new approach towards loginand password administration, security and compliance is needed. IAM services claim to provide this new approach. Unfortunately, IAM selection projects have not been very successful in the recent past. Therefore, this chapter presents the IAM Services Assessment Model which provides a useful and usable tool to support organizations in the selection and implementation of IAM services. INTRODUCTION During the recent decades, organizations have changed tremendously. One of the most important changes has been the mass-computerization, which has forced organizations to change the way they operate. This mass-computerization has been one of the most important enablers of the ongoing increase in both the size and the complexity of organizations. It is self-evident that those developments have had a wide range of consequences. Most have been positive, but during recent years some negative consequences of those developments have surfaced as well. Some of those negative consequences are related to the way organizations manage identities and the access to their buildings and their IT-infrastructure. To deal with those negative consequences, the way in which the identification and authentication for access to an application is organized needs to be changed. During recent years, several major IT-suppliers like Oracle, IBM, Sun Microsystems, Novell and CA have introduced IAM systems in order to support organizations in doing so. An article on the website of Wall Street Technology (Wall Street Technology, 2008) reports that a new research from Forrester estimates the market for IAM solutions to grow more than 20 percent over the next years. The total market is expected to grow from 2.6 billion dollars in 2006 to more than 12.3 billion dollar in 2014. Despite the fact that these figures show that a growing amount of organizations is planning to implement IAM technologies, efforts to select and implement the right solutions have proven to be little successful (Becker & Drew, 2005). Therefore, the question arises if there is any way in which organizations can be supported in making the right decision with regard to the type of IAM solution they should implement. This chapter is aimed at developing a method to support organizations and their consultancy partners in effectively and efficiently selecting the right tools to cope with the challenges they have identified in the field of Identity and Access Management.