Identity and access management for everyone

Aberdeen study shows how an identity and access management focus on external users can pay off

In its research report on IAM Beyond Control, Compliance, and Cost: The Rise of the User (September 2015), Aberdeen Group described how the strategic focus for enterprise identity and access management (IAM) systems has been changing:

  • Traditionally, the leading drivers for investments in enterprise IAM initiatives have been focused on the objectives of control, compliance, and cost.
  • Today, however, disruptive changes in the IT landscape are also creating invaluable new opportunities for enterprise IAM systems as a business enabler.

I summarized the findings of this report in an earlier blog.

The conclusion was pretty straightforward: by applying enterprise IAM capabilities beyond the traditional population of internal users to the extended enterprise (which also includes business partners, customers, and consumers), the role of IAM as a business enabler can be taken to an entirely new level.

Investing for success

During the fourth quarter of 2015, Aberdeen conducted a new study on identity and access management — a look at the use, experiences, and intentions of nearly 250 organizations from a diverse set of industries — which provides some additional insights on this important topic.

About half (47%) of all respondents indicated that their investments in IAM capabilities are focused on internal enterprise users only, while the other half (53%) are investing in IAM capabilities to support users throughout the extended enterprise.

The research confirms that by focusing strategically on both internal and external users, these enterprises are starting to view their IAM systems as essential enablers for innovation, growth, and new business opportunities.

But clearly just wanting these strategic outcomes to happen doesn’t necessarily mean that they’re going to happen. If we continue to do the same things, in the same ways, we’re not very likely to achieve different results.

For this reason, it’s not surprising to find that enterprises focused on a broader range of users are also investing more strongly in new IAM capabilities that align with and support those strategic objectives.

As seen in Aberdeen’s research, two examples of IAM capabilities that illustrate this notion of “investing for success” are preventing the bad user behaviors, but fast-tracking the good, and streamlining and personalizing the user experience.

Preventing the bad user behaviors, but fast-tracking the good

The organizations in Aberdeen’s study that focused on the extended enterprise were nearly three times more likely to support out-of-band authentication, which typically takes the form of a separate phone call or text message to a user’s pre-registered mobile device.

This capability can provide the enterprise with a higher level of assurance for specific access attempts or transactions that identity analytics have flagged to be inconsistent with normal patterns of behavior — a complementary capability that the extended enterprise group was also more than two times more likely to have deployed.

From the user perspective, these are examples of new IAM capabilities that give users – both internal, and external – higher confidence that the enterprise is protecting them, which has a positive impact on their propensity to interact and transact.

At the same time, these capabilities contribute to minimizing the friction in their daily online experience, which has a positive impact on both user productivity and user satisfaction.

Streamlining and personalizing the user experience

In recent years, leading IAM solution providers such as CA have introduced innovative user interfaces for making and approving access requests, which in the past has been something that only the more technical and IT-savvy business users could master without direct involvement from their IT staff.

One example is an intuitive “shopping cart” metaphor that virtually all business users are already familiar with as consumers – simply select the access you need from a context-sensitive menu of options, put it in the shopping cart, and with one click initiate the workflow for approvals and automated provisioning.

Investments in these types of innovative IAM capabilities are designed to:

  • Simplify the user experience of requestingaccess
  • Automate the approval and fulfillment workflows for provisioningaccess
  • Make it possible for business users to manage typical identity and access lifecycles, without the extra time and expense of specialized IT resources


The organizations in Aberdeen’s study that focused on the extended enterprise were about 1.5 times more likely to invest in automated user provisioning, which not only provides benefits to their users, but also contributes to their ability to support much higher user scale at much lower per-user cost.


In a related blog coming soon, we’ll look at some of the specific ways that a broader strategic focus on users shows up in terms of results.

For additional insights, I invite you to download the full research report: IAM for Everyone: How a Broader Strategic Focus on Users Pays Off.

Derek Brink is vice president and research fellow, Information Technology, at Aberdeen Group. In this role, he helps organizations improve their security and compliance initiatives by researching, writing about and speaking about the people, processes and technologies that correspond most strongly with leading performance. In addition, he teaches graduate courses in information security at Brandeis University.

New voices, thoughts and insights. This CA Technologies blog post features content written by an…


Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.
Read more >
Low-Code Development: The Latest Killer Tool in the Agile Toolkit?What Are “Irresistible” APIs and Why Does Akamai's Kirsten Hunter Love Them?Persado's Assaf Baciu Is Engineering AI to Understand How You Feel