It’s common to assume that chaotic IAM systems and processes are unique to your environment, especially after investing heavily in external consultants, managed services, staffing, and additional tools. However, stable SailPoint IAM environments are less common than chaotic ones, leading IAM leaders to accept chaos as the norm.
When asked about the problem, many leaders blame external consultants, their internal teams’ lack of know-how, or the complexity of their environment. While these factors can contribute to chaos, they are not usually the main culprits.
In this post, we’ll discuss the three main reasons (in no particular order) why SailPoint-enabled IAM programs are chaotic and provide steps to achieve stability. Chaotic IAM programs typically have rising production incidents, dissatisfied end users, overworked IAM resources, continuous control failures, and never-ending audit findings/issues.
Reasons for Chaotic IAM Environments
Bad Code Management/Deployment Practices
This area is often overlooked or deprioritized by IAM teams, despite being the root cause of several problems. Having a reliable code repository is essential. If you cannot confidently deploy code from your repository into a lower environment to reproduce a production issue, or deploy your master branch to production without risking a system shutdown, then you don’t have a reliable repository.
Release Management Cycle
Frequent emergency change tickets can be a sign of a chaotic IAM environment. While occasional emergency changes are necessary, a high number of emergency changes indicates that only symptoms are being addressed, not the root causes. To improve stability:
- Monitor the number of emergency changes opened per month as a KPI, aiming to bring emergency changes down to less than 10% of all changes.
- Establish and stick to a release schedule, ideally monthly or at the end of each sprint for more mature agile/DevOps environments.
- Follow best practices for release management, such as signed-off QA and UAT testing, go-no-go meetings, and post-production verification.
Lack of Standard Documentation
Many practitioners understand the importance of documentation but don’t practice it. Key-man risk, where a single resource is crucial for the system to function, is common in most SailPoint-enabled IAM environments. As IAM teams experience high talent churn, essential design elements, procedures, and processes can be lost.
Documenting solutions and processes is crucial to maintaining the system. This doesn’t have to be fancy – a few bullet points or simple diagrams can go a long way in establishing a stable SailPoint-enabled IAM environment.
In conclusion, addressing these three main reasons for chaotic IAM environments can help organizations stabilize their IAM programs and improve overall efficiency.