Published on February 16th, 2023 📆 | 4488 Views ⚑
0Customization of IAM Solutions: Risks of Having it Your Way
Forty years ago Burger King launched a revolution in customization, declaring that they could provide you the power of creating your perfect burger combo. Made to order, fresh, fast and no extra cost. The slogan âHave it Your Wayâ (replaced now by âBe Your Wayâ) has more than impacted our drive thru satisfaction, it has become a way of applying customization to anything and everything. However, I know the limitations of my BK order. I understand what BK offers out of the box/bag and what they are designed to provide. I know I cannot order a grilled salmon salad with champagne vinaigrette dressing on the side.Â
Â
Similarly, weâve come to expect ultimate flexibility from identity and access management (IAM) solutions because leadership, end users, or business processes push the âHave it Your Wayâ mentality. IAM solutions are designed with out of the box functionality that provides efficient processes and security best practices. Bringing the mindset of customizing everything into the IAM world holds several risks, for example:
Â
- Customization of any IAM tool creates more work to maintain it, both short and long term;
- Expanding any tool beyond what it was designed for puts your processes on thin ice. If Burger King did suddenly offer salmon, I wouldnât take my chances
- The current processes may not fit well with the out of the box functionality, so âyour wayâ should be evaluated before considering customizing the solution
-
- Costs money via resources and time
- Slows down application or system upgrades, as customizations have to be closely watched for code changes that could break
- Isnât typically supported by the product vendor, so if you customize it and it breaks, itâll be a costly fix
Â
The final risk is crucial for businesses to consider prior to implementing IAM solutions. When evaluating customizations, dare to ask âwhy?â There may be diagrams of current business processes, but why is it that way? Answers typically sound like something from the drive thru window - âThe owner of this system left the company and didnât document the process. Then the owner of the next system wrote a script and the reviewer wanted a report formatted like this. Then this manager wanted to verify or approve using X method, while another liked Y method better.â And so began the request for a Burger King solution, because everyone wanted it âtheir way.â
Â
If this sounds like your culture or system complexity, look for the logic in the processes. To lead a successful IAM program, youâll have to weed out the comfort of âthatâs how itâs always beenâ vs. real system or process complexities. The goal should be a holistic, centralized solution with opt-in capabilities that focuses on solving the real pain points of all business lines in the best way possible and minimizes custom configuration. However, some scenarios may require more effort to fix, than can be resolved through a customized IAM solution. Remember that out of the box functionality is your friend, not your foe. As much as feasible to your business, try to mold your processes to fit the tool, not the other way around. Donât be afraid to challenge the status quo, reducing the risk of creating a custom IAM burger recipe that will quickly lead you to timeline and budget heartburn.Â
Gloss