The Identity/Security Challenge

Most of the people that I know in the identity field will know and understand what I am about to say:

Identity management and security is not about technology.

That is very shocking for many people in our field, because our natural proclivity is to solve all problems with a technical solution.

I have done many projects over the years, and I would estimate that around 80-85% of them have always come down to business process. Sometimes this is one of the more challenging pieces that you can encounter with a client as well, as they are expecting just a technical solution to solve all of their problems.  So, how do you adjust?

The answer is not simple, and yet it is. It all depends on the client. How receptive have they been to any of the technical solutions that you have been proposing? Has there been anyone who has tried to force a solution different from the one that has been proposed? And I say that with the thought in mind of the protective mindset that client technology people can sometimes have. And it's understandable from their point of view: a consultant is coming in to change their environment.

The ability to remove the idea of technology from the discussions is how I have been able to work through some of these challenges.  Start with the process, work backwards from there, and the solution creates itself.

Comments (2)

  1. Carrie Boyle says:

    I think that this is easier said than done. What is your methodology or approach to be able to get a CISO or other technologist to focus on the business aspects and requirements versus focusing on a technical solution? How much time do you focus on assessing current challenges and process versus on an ideal target state?

    1. Matt Stolnis says:

      Hi Carrie,

      The easiest way is to just start the dialogue. If the conversation continually moves towards a technology solution, try and steer the conversation in a way that the technology answers the business questions. (e.g. I understand that you are looking for ProductX(ium) to solve this issue for you. Is the process that you have currently in place for this to be effective?). Sometimes, it’s the hardest thing in the world to actually get people to stop thinking tech, and really think process first, and it’s one of the major challenges I find as a consultant, especially when I have been brought in to solve a technology issue.

      And of course, each client is different. Some are very open to having those kinds of discussions, others are not. For those that aren’t, I would couch the discussion in the way that shows how you have to have root cause analysis. It’s easy to fix a current problem, but it will reappear and cost them more to keep bringing people back to resolve it.

      Hope that helps a bit!

