In virtually every industry, the coronavirus pandemic has shifted the way organizations operate. In particular, remote working and learning has proven the need for automation and increased security in the wake of rising cybersecurity threats. IT teams may find themselves tasked with convincing key decision makers to prioritize emerging solutions to address these issues, such as identity and access management (IAM). Typically, stakeholders want to see a return on investment for an IAM investment. Here’s what building a solid case for funding an identity management solution should focus on: security, compliance, productivity, efficiency and competitiveness wrapped into an ROI. Here’s why:
Cyberattacks have been problematic and on the rise for the past several years. However, since the onset of the COVID-19 pandemic, cyber criminals have become more sophisticated in their schemes, especially targeting employees working remotely.
Historically, higher education institutions, for example, have experienced cybersecurity attacks at a rate much higher than that of other organizations. Colleges and universities are so frequently targeted due to the amount and types of data they maintain, such as large volumes of student and faculty identities, financial data, and intellectual property. IAM provides the security necessary to ward off these attacks and keep the network secure.
When it comes to cybersecurity, it’s important to remember that breaches are costly. In presenting the case for enhanced security, the deciding factors should come down to the cost to remediate a security breach versus the cost to implement an identity management solution. Presenting a side-by-side comparison will help illustrate the importance of the investment.
Many industries, especially highly regulated industries, conduct access certification reviews, or audits, to ensure the right people have the right access to the right programs. Conducting audits manually is extremely time consuming and therefore costly, consuming hundreds of hours of time that IT staff could be spending elsewhere. A 2015 Congressional Study found that audit preparation costs account for an average of 5.6% of a bank’s operating expense. The regulatory burden caused by risk management audits is significant. In 2011, the FDIC spent, on average, 24 to 57 days on-site conducting audits.
IAM automates this process so that user access can be monitored continuously and access issues can be addressed as they arise. The alternative is to identify issues following an audit and potentially face fines and remediation costs. Since audits often take hundreds of hours and thousands of dollars to conduct, the cost-savings associated with automating this process alone are significant.
In light of the COVID-19 pandemic, a recent compliance development in many industries, particularly banking, is an increase in virtual audits. Institutions with an IAM solution already in place are already prepared for a faster and smoother audit process because of the ability to remotely give access to the auditor.
Suppose an employee forgets a password and locks themselves out of a program they need access to and they have to submit a help desk ticket for assistance before they can proceed. Depending on how many help desk tickets are in front of theirs, they may be waiting some time for assistance, which results in downtime and lost productivity. With IAM and SSO, users only need to remember one password to access the programs they need. If a password does need to be reset, it becomes a “self-service” function. Not only does this free up time for tech teams, but it allows employees to continue with their daily tasks virtually uninterrupted.
One of the largest line items on an IT budget is utilities, which can include things like the help desk, maintenance, or network costs. Simple tasks like resetting passwords, as mentioned above, or provisioning user access can take up valuable resources that IAM would otherwise streamline through automation. One of our Provision clients reported a 50-70% reduction in personnel time required to manage system access now that they are using role-based access control. They also reported 35% lower overall costs of managing entitlements and access security audits.
Simply calculating the number of help desk tickets responded to per year and the number of hours spent responding to those tickets is sometimes enough to justify the efficiency of an IAM solution to upper-level management. Greater efficiencies lead to significant cost savings almost immediately.
Organizations focused on future growth, whether through an IPO or a merger, will want to ensure they are well positioned for integration with another organization. Without an identity management solution in place, granting and/or revoking user permissions manually will require hours upon hours of tedious work, which can ultimately delay the process of merger or acquisition. Banks, for example, often grant hundreds of permissions per user. Investing in an identity management solution ahead of time ensures readiness, competitiveness, and growth through automation.
Looking for more advice on how to get started down the identity access management decision-making and planning phase? Check out our complementary checklist "10 Steps to Take Before Pulling the Trigger on IAM" here!