How to Know if You’re Overspending on IAM Solutions


by Glenn Schwartz & Rebeka Wellmon

November 1, 2020

If you struggle to figure out why or how your Identity and Access Management project’s costs keep rising, Regatta Solutions Group knows exactly what questions you should ask yourself and your vendor to stay on track.

While solution approaches and costs can vary based on your company’s specific needs and requirements, you need to begin the process by asking hard questions focused on measuring performance and costs across critical areas often associated with inefficiencies and overspending in IAM projects. Once this is done you can establish a baseline of your current state and look for opportunities to improve

Regatta’s years of experience implementing IAM projects has shown that developer productivity, application on-boarding cycle times, identity lifecycle times, and compliance efficiency are most often the source of problems so we suggest beginning there. 

Having good visibility and control over these areas will put you in a position to implement immediate improvements, build executive confidence and justify additional funding if it is needed. 

  1. IAM Developer Productivity 
    • How to know if you are overspending:
      • Are IAM developers fully utilized or do they spend time waiting for answers to development blockers? 
      • How much time is spent resolving blockers and repairing defects? 
    • How to improve IAM Developer Productivity 
      • Measure developer downtime and assign work on other applications while they wait for blockers to be resolved that are outside their control.
  2. Application On-boarding Cycle Times
    • How to know if you are overspending:
      • Can you measure the time it takes to analyze, develop and deploy identity-enabled applications by type? 
      • Are applications moving quickly into and through development because all the information is available or are there delays gathering information not readily available when needed?
    • How to improve cycle times:
      • Standardize your onboarding lifecycle with a process that ensures the right people are in the right place at the right time and the correct information is captured and available, i.e. stories are captured and clear, design documents are complete and checked.
  3. Identity Lifecycle Times
    • How to know if you are overspending:
      • Once an application is identity-enabled, are provisioning and other identity operations easy and fast to save the company money, or are manual steps still required and problems are continually arising when new users are added or existing users changed?
    • How to improve cycle times:
      • Begin by actually measuring them, then identify points in the chain that can be automated or improved. Prioritize and develop a plan of attack for optimizing performance.
  4. Compliance Efficiency
    • How to know if you are overspending:
      • Can compliance organizations stay current with their reporting or is a lot of labor and support needed to help them meet company goals?
    • How to improve cycle times:
      • Work with compliance to identify and build a catalog of the most pressing reports need on a continuous basis, then prioritize the largest impact reports and put in place to can these reports and make them easily available.

 As the old adage says, “If you can’t measure it, you can’t manage it,” and this is particularly true for highly complex IAM projects. Asking the right questions about developers’ and compliance organizations’ productivity, as well as the time spent to activate and evaluate identity-enabled applications will give you the critical baseline measurements you’ll need to begin the path toward immediate optimization. Most importantly, it will build executive confidence to ensure the investment needed to fund improvements is available when needed!

Navigate a Winning Identity Strategy

Securing the enterprise goes beyond selecting the software. Talk to the SailPoint experts at Regatta to discuss your personalized roadmap for a successful identity program.