co-authored by Jill Dhillon

Every chief information security officer (CISO) knows that identity and access management (IAM) is a critical component of safeguarding the organization’s systems, data and applications from unauthorized users. But IAM programs are becoming increasingly challenging to run as the number of devices, applications, users, data sources and data privacy regulations grows.

Organizations need new and innovative solutions to these challenges and a way forward to develop tools that will meet user needs, provide long-term business value, reduce IT management costs, enhance employee productivity and increase compliance efficiency.

Apply Enterprise Design Thinking to Identity and Access Management

I sat down with Jill Dhillon, global director of Enterprise Design Thinking for IBM Security, to talk about how organizations are using Enterprise Design Thinking to uncover and solve modern IAM challenges. Here’s what she had to say.

Question: How can clients use Enterprise Design Thinking to uncover modern identity and access management challenges?

Dhillon: Enterprise Design Thinking helps us identify the right problem to solve. So, in other words, we start by framing the problem to generate alignment and begin the work. How do we frame the problem? One option is to take a stakeholder mapping approach, which will include sponsor users who are experiencing the challenge.

We conduct user research and bring the insights into the design thinking session where we collaboratively refine the problem statement further if warranted. We move forward from there and dive more deeply into the problem as a group, then use a variety of structured, highly interactive activities to prioritize ideas and ways to solve the problem.

Question: How does Enterprise Design Thinking build stakeholder buy-in for these new and innovative ways of managing identity?

Dhillon: With complex technological environments, often teams don’t have the opportunity to cross-communicate or collaborate deeply in a real-time sense. They are working in silos, and often asynchronously. Whether it’s executive leadership, middle management, engineering or people who are client-facing, there can be impacts and barriers to progress. Enterprise Design Thinking allows us to dissolve those silos, listen to one another and craft solutions collaboratively in an accelerated way. Engaging users is an additional stage we infuse when we practice design thinking as it enables us to learn about their current experience and generate tremendous amounts of insight, which influences the solution design.

The approach also affords an anonymized, democratized way of sharing points of view. So, for example, if a stakeholder has more information than another stakeholder or a leader has a specific target or agenda, it gets shared, discussed, diverged and converged with other points of view. The approach enables alignment where all expertise and supporting data is leveraged and considered through use of the design thinking framework. We have a chance to talk about these points of view, pull them apart, put them back together and then come up with a game plan that makes sense based on all the dynamics and all the information that comes forward in the process.

In terms of IAM, so many of the challenges can be addressed in a programmatic approach. Enterprise Design Thinking allows stakeholders to see into the various levels and co-create solutions that are needed to get the whole IAM program to work. It’s about dissolving the silos, working collaboratively and getting a line of sight into the entire end-to-end experience for IAM.

Question: How would you start an Enterprise Design Thinking for IAM session for a client?

Dhillon: We start with the client innovation teams and collaborate across the organization with all subject matter experts. This session focuses on strategy, which results in a programmatic approach and phased road map with specific activities and tasks required for implementation.

A key success factor for any design thinking initiative is enlisting executive sponsorship. Programs are most successful when these leaders are highly visible, collaborative and willing to provide feedback on an iterative basis. IAM leaders and their stakeholders are usually eager to participate because they co-create solutions and actionable takeaways with owners, as well as accountability. They learn about barriers, how to manage risks in a more informed way, and how to build communication channels with direct and instant feedback. It accelerates everything for the organization and helps enable change management approaches in new ways. There often are much higher levels of success, such as quicker implementations, reduced risk and cost savings.

We had a client recently that had a pilot in flight. They wanted to host a series of design thinking sessions to bring more subject matter expertise to the table, calibrate the pilot, and learn how users were experiencing it and how they could expand the pilot in future release cycles. In just a couple of days, with about 15 people supported by good workshop design, this client said they would have never been at this stage or accomplished all the strategic work without Enterprise Design Thinking. It would have taken them months or even years, and they wouldn’t have had all the insights that led to a highly improved next iteration.

So, Enterprise Design Thinking was an accelerator and provided a feasible action plan. It’s all about feasibility in relation to impact and solving pain and inefficiencies. When you have a workable action plan, you can align resources for future implementations.

Ultimately, it’s people that are designing the technology, and we need human-centered design when solving problems. The more direct user insight we can bring into the sessions, the more effectively we can solve the challenges with people, process or technology. Often, we’re working with the context and complexity of all those dynamics at play. They are addressed as part of the overall solution as well.

Innovate to Solve Modern IAM Challenges

With Enterprise Design Thinking for IAM, security and IT teams can uncover and solve modern IAM challenges in an innovative and unique way. The framework guides stakeholders to focus on framing the right problem and collecting valuable insights from users and helps craft more effective solutions collaboratively.
