I just realised it’s been a year since I last actually did work for a company that actually paid me for my Identity and Access Management skills and expertise. Sure I have written a few articles and training courses for pocket money, but mainly I have been enjoying working on my farm and renovating the ‘Maison de Maitre’ and the various outbuildings here in the Limousin area of France. So when my daughter got married in London last month I made a point of stating my profession as ‘sheep farmer’ to the registrar, even though my daughter urged me to state my profession as ‘IT Security Consultant’. What would you do if you had a choice?
Actually I am listed in several French professional directories as ‘Chef d’exploitation’ of my steadily growing menagerie of farm animals. I even do identity management of sheep, as of course all large farm animals in France are chipped with RFID ear tags. Even my donkey foal just had an identity chip inserted under the skin of her neck, similar to what the vet did with our family dog, when it got its pet passport. If only it was so straightforward managing Identities in large companies.
To be honest I had expected to pick up one or two short term IAM consultancy assignments by now and it is not for the lack of trying by the numerous head hunters, who have picked up on the fact that my CV is out there on Monster, JobServe etc.
So why have these numerous inquiries about my availability not been followed by firm offers of contracts? It is about this subject that I would like to muse a bit today: Could it be I am just not as hungry and aggressive as I used to be? Daily rate expected unrealistic in the current economic climate? Too content and smug with my new life style perhaps?
Living on a farm in a lovely rural setting does give you a biased perception of the rat race, to be sure, but maybe also a worthwhile different perspective, applying common sense values and husbandry rules that farmers haven’t forgotten, but city folk have?
I make an analogy with things that are wrong with the banks and their obsession with short term gains in the stock market. For instance I can see how a market in cacao futures could provide market stability and be good for cacao farmers and Cadbury both, but can it be right that city speculators sometimes trade more of the virtual stuff than is actually grown worldwide? They could never take physical possession of the tonnage that they trade on ‘paper.’ A farmer would never order more food than he can possibly store, but bankers would if their bonus depended on it. In doing so, they drive up prices for everyone and that’s just misusing our pension funds as if it was monopoly money.
Maybe the city’s obsession with short competitive battles and market gains has spread like a virus and losing sight of long term strategic objectives and their actual role in society has spread and is now endemic in most European businesses? I know I am digressing slightly, but I am trying to make an analogy, that also is valid in Identity Management projects.
I connected these dots for myself after attending, out of goodwill, a one-day strategic workshop of an IT services company that professed wanting to be ‘the most successful SAP implementer in the world’, including of course implementing SAP NetWeaver IDM, which my previous company MaXware sold to SAP in 2007.
Jokingly the workshop was billed as ‘Global IDM dominance’. This reminded me of IBM’s dominance in the mainframe business at the end of the sixties. After all from that era comes the saying, no one ever got fired for buying IBM! Now achieving a similar market position when it comes to successful SAP IDM implementations surely would be nice to achieve for a systems integrator? But how to go about it?
I jotted down some ideas to take to the meeting, like investing in skills by taking up young graduates and immersing them in our world class methodologies. Build training facilities and sand pits to hone their implementation skills, before sending them out to paying customers. These are of course long term investments, with no immediate pay-back. The kind our banking friends are no longer keen to finance.
Soon in the meeting it transpired that the company had taken on more IDM contracts than they could reasonably expect to handle. The sales department was perhaps too successful? What they really wanted is to head hunt, as fast as they could, skilled implementers from the competition at any cost and fulfil their contractual obligations. Sure that would solve an immediate problem and look good on the company books, but is this a viable long term strategy for global IAM dominance I wondered?
If there was a possible future role for me, it seemed, it would be after they recruited all these immediately billable IAM high flyers and there would be some time for team building and skills transfer from an old hack like me. By such time these prima donnas however, risked being poached by the next integrator in dire straits.
So here we have an IT services company that sees the potential of the growing IAM market, but what about end user client organisations? Here again budgets are tight and when the Identity and Access Management project after many months or even years gets the go-ahead, management often expects instant results.
Given the choice between an experienced and expensive older IDM consultant and a young IT consultant, fresh from his/her last IDM implementation from their preferred vendor, their instinct is to go with the guy with the recent ‘hands-on’ skills and hope for a miracle.
There is a real risk here of course, that this bright technician and IdM wizard, spends the first weeks twiddling his thumbs on the job, because there is no agreed IAM architecture document, no IAM requirements specification, no agreed RBAC role model, no business processes documented that can easily be implemented in IAM workflows.
By putting all this responsibility on the shoulders of one single member of staff, the organization also creates ‘a single point of failure’. What if he is run over by a bus?
And has this person really the time or inclination to properly document his programs?
A one man band IdM team can lead to poor stakeholder management, infighting between rival IT camps in the organisation and another false start or even total project failure, giving IAM projects a bad reputation with CTOs and CFOs. One of the first things I learned in business school about IT in the seventies is ‘organise before automation’. If you don’t you get automated chaos!
In conclusion, it is my contention that companies at the start of an Identity and Access Management project could do a lot worse than first hiring for a few months a functional IAM expert, who has been around the block a few times and knows well why some IAM projects succeed and why many others fail.
When proper IAM governance is in place and IAM requirements documented and prioritized with stakeholders, outsourcing the project at a fixed cost becomes a real possibility again. Furthermore these organisations may be pleasantly surprised when the actual technical implementation is a lot quicker and a lot cheaper than they had ever imagined!