I was kind of shocked recently to hear about an organisation that had assumed implementing FIM would lead directly to cutting Service Desk positions. Over the years I’ve delivered a good number of successful IdM solutions that have taken all sorts of tedious, error-prone tasks out of people’s hands… but I don’t think any of them have led to actual job cuts – and I would have been astounded if people thought they would.
In my mind automated IdM just helps us run on the spot with the resources we already have. IT is being expected to deliver so much more, with increasing complexity (yes even when “cloud” is involved) – and also having to deal with mobility, security audits, compliance, mergers, divestitures….
IdM can automate the well-known IT tasks, freeing people up to deal with all the new demands coming in – the stuff that needs actual human brain power to work through. Thinking that automating the tedium means you can lose personnel assumes there will never be anything else other than the known tasks. I can’t imagine how anyone who works in any IT-related capacity could think this was a plausible view of the future.
The other thing properly implemented IdM does is help clean up your identity data, and this banks all sorts of wins and efficiency improvements for the future. You want to implement a new manager-approval capability inside an application? Well yes, we do actually know who everyone’s current manager is! You want to migrate documents to a new document management system? Well yes we can actually state who should have access. You want to start migrating mailboxes to the cloud? Well there’s no legacy of enabled accounts for people who’ve long gone, and completely out-of-date user data to slow us down – not to forget that we can extend our provisioning and management framework to the cloud so we’re not adding another manual provisioning task!
Well-implemented IdM should be taken for granted. It should seem completely normal that data about users in directories and applications is correct and up-to-date. It should be expected that provisioning and deprovisioning happen automatically, that user access changes as they move around the organisation. While we will never be able to automate everything, the structure and consistency that comes with automation should, over time, reduce the complexity of the environment, helping to simplify even the tasks that continue to be manual.
IdM is not about reducing headcount. It’s about doing more with what we already have – and that should be clearly worth its implementation costs.