By Stefan Smulders Just like any other IT project, an Identity Access Management (IAM) project requires the right preparation. In addition, a BizDevOps approach offers an organization a good basis for making an IAM project a success. A successful project journey is important, because a robust IAM platform is critical for secure access to applications and employee productivity. IAM is a very critical function, which deserves every possible attention.
For some time now, organizations have opted for a DevOps approach in their IT projects. This entails that development and operational teams work closely together to develop new functionality. This collaboration was previously unusual. In the old situation, developers started working in an isolated way. At the end of a process, they delivered functionality to the IT administrators, who had to find out themselves how to support management. With DevOps, both disciplines work closely together during the project, so that administrators know exactly what they are managing at the end.
With BizDevOps, organizations go one step further. BizDevOps is the practical implementation of the much-discussed concept of business and IT alignment in the IT world. Information technology has for decades defined how the business should work. The background to this was that IT systems were relatively cumbersome and inflexible. Only in the last ten years did the role of technology slowly change and the emphasis is now on enablement. Technology should support the business rather than dictate how processes run. BizDevOps (or DevOps 2.0 ) is one of the results of this.
With BizDevOps you remove the silos between departments. You start by jointly mapping the business requirements. These are the starting points for what happens next. In this way you ensure that what is developed optimally matches what the organization needs. BizDevOps goes hand in hand with agile working. This involves dividing the required work into small parts. A team works in sprints of a few weeks. At Traxion, we normally use sprints of two weeks. At the end of each sprint functionality is delivered and all stakeholders evaluate if the functionality meets the requirements.
This approach offers several advantages. For starters, there is much more transparency about the content and progress of a project. In the traditional waterfall approach a development team could deliver an application after months. Only then became clear whether it offered what was needed by the business. If that was not the case, the choices were to start over – at much cost – or to start using a sub-optimal application. In addition, agile working contributes to a better quality of the delivered functionality, because there is continuous control over the development process.
When it comes to IAM projects, with a BizDevOps approach it is much easier to prioritize the security risks. Thanks to an agile approach the most urgent ones can be tackled first, contributing to more and better security of data and systems. This is important as the world becomes more digital by the day.
Stefan Smulders is a security consultant at Traxion, provider of Identity Centric Security Services in the Netherlands and Belgium with over 130 highly qualified professionals. Traxion is part of Swiss IT Security Group.