Bring ROI to your IAM project: concrete arguments

Publié :

11/2023

| Mis à jour le

-
Articles
>
IAM
Optimizing IT department productivity and strengthening company security are the major strengths of an IAM solution. However, convincing your IT department or management is necessary to take full advantage of these benefits. In this article, we will analyze the concrete benefits and costs associated with an Identity and Access Management solution so that you can present a well-informed case to your management!

Summary

An employee means actions to be carried out for the IT department.

An arrival, a mobility, a departure? This involves operations such as creating, modifying, or deleting accounts, but I will be more specific.

An employee who changes department will have an impact in the HRIS and the account directory, such as Active Directory, where their rights will need to be changed, and some accesses will need to be deleted while others will be created.

Regardless of how these actions are performed, it is called access and identity management, or IAM. In this case, IAM is done manually.

The problem is that an IAM project is seen as cumbersome and costly by management. So:

  • How to convince your management to adopt an IAM solution, which is often expensive?
  • How to sell an IAM project internally by demonstrating ROI (Return on Investment)?

You are convinced that an IAM solution would be beneficial in your work. You clearly see the undeniable advantages of process automation such as eliminating time-consuming phases, significantly reducing errors, programming workflows, and self-service for password resets.

The difficulty is convincing the CIO or company management that this budget will quickly pay for itself.

Here we go, I'll show you how to present your IAM project to get it approved 👉

Before talking about ROI, let's be clear about the objective of the IAM project.

Before rushing headlong into an IAM project and trying to sell it internally, you need to be clear about the initial need and why you want an identity and access management solution.

There are 4 main areas:

  • Facilitate the IT team's work
  • optimize employee experience
  • strengthen company security
  • Ensure company compliance.

Currently, you probably don't have an IAM solution and you perform all your actions manually, so your desire to have an IAM falls into one of these areas.

Automation, a key feature of IAM, addresses these four areas.

IAM (identity and access management) aims to automate account management, including user onboarding and offboarding, which enhances security and provides a comprehensive view of identities and access, offering insights into the company's actual compliance status.

The expected gains are therefore significant but also depend on your internal processes.

What gains can be expected from an IAM solution?

The more you deploy IAM within your processes, the greater your ROI will be. It is necessarily correlated to your actions.

If you only automate certain actions and keep a good part of them manual, your ROI will be relatively low.

If you have a high turnover, the ROI will be all the more visible if you automate all account provisioning.

If you use many service providers or temporary workers, the use of IAM will have a very significant impact on your ROI.

Here are the areas where you will have a measurable impact in terms of ROI, which are specific to each case in an IAM project:

  • duplicate HR - IT data entry in the transmission of information for a new arrival;
  • The efficiency and reactivity in addressing HR events: arrival, transfer, departure, etc.;
  • Time spent creating different accounts for a collaborator. Obtaining all the information and applying the different nomenclatures for all applications is very time-consuming.
  • The time it takes for a new arrival to be operational with all applications and access:
    → cost per month = (average) salary per day X number of non-operational days X number of arrivals per month
  • the reduction of data entry errors and therefore the improvement of data reliability;
  • license management and knowledge of the license inventory;
  • Time spent on an audit: This includes the number of people involved, such as managers, HR managers, application managers, and the audit manager.
  • the reliability of SI data;
  • the company's compliance by having a complete history of account provisioning;
  • the number of password resets within the helpdesk.
    → cost per month = number of calls X 30 X [time spent X hourly cost of a helpdesk person]

The two major themes are:

  • Reducing manual actions.
  • reducing or eliminating errors during account management actions

How to concretely measure the ROI of an IAM project?

ROI is calculated as follows:

ROI = (profits - costs) / costs

Costs should include:

The costs of an on-premise solution:

  • purchasing the solution,
  • specific developments,
  • hosting on your servers,
  • server maintenance,
  • Backup,
  • installation with the help of a consultant,
  • training,
  • upgrades,
  • connector development,
  • the immobilization of internal employees during the training and deployment phase,
  • the support,
  • Change management if the company has deeply rooted manual processes.

The costs of a SaaS solution:

  • Monthly costs,
  • specific developments,
  • the integration phase with a consultant,
  • the immobilization of internal employees during the training phase,
  • training,
  • the support,
  • Change management, especially if the chosen solution is highly technical.

We therefore distinguish between two types of costs:

  1. Costs in the BUILD phase, which are one-time costs, often at the beginning of the project
  2. RUN phase costs inherent in the daily management of the solution.

It is therefore necessary, before calculating the benefits you could derive from a solution, to determine how much it will cost you.

Verify what is included and what is not.

For example, at Youzer, there are no hidden costs; the solution is SaaS, which avoids maintenance costs; support and training are included in every offer.

Developments, if they benefit all of our clients, are not invoiced, nor is the development of connectors, if they can be used by several of our clients, they are not invoiced either.

Youzer does not require months of deployment and connects in a few hours, which minimizes disruption for internal staff, and there is no need for a consultant.

We have also developed a solution with several levels of use and reading, which makes it intuitive and easy to learn. For example, we have no abandonment due to the complexity of use.

Regarding the benefits, here is what you can quantify upfront:

  • the number of paid licenses found
  • The time saved by eliminating manual actions (for managers, HR, and of course, IT).
  • Eliminating errors prevents cyberattacks with serious consequences.
  • Conducting audits in just a few clicks and extracting data for compliance.

How to succeed in estimating as closely as possible the ROI of your identity and access management project?

Conduct a POC (Proof of Concept).

There's nothing better than a POC, proof of concept, to put everything we've just seen into practice.

  1. You will be able to test the solution in your environment with specific constraints and see its long-term viability
  2. You will get immediate initial results
  3. You are not committing to a long-term contract.
  4. You have concrete elements to present to your IT department or your management

I advise you to carry out your POC on a limited scope, such as only one entity or only with a few applications. However, your POC must be representative of your institution.

Then, look for quick wins:

  • search for erroneous and orphaned accounts (departed users with active linked accounts or active unlinked accounts)
  • Perform a focused audit and highlight discrepancies and risks
  • identify unused licenses
  • Test the application packages that allow you to assign access in a pre-automation
  • present the unique user repository (contracts and non-contracts are visible), this gives a clear vision for HR: centralization of sources

Some reference figures for an IAM project ROI

Number of licenses saved with an IAM solution

Here is an example of what was achieved after one hour of using the Youzer application. Our prospect was able to realize a return on investment in the IAM solution after 1 hour by finding 144 active licenses assigned to departed users, while they were starting their POC!

At that time, it had only added 2 connectors (applications).

We notice that on average 10% of the global licenses are not attached to any person. Either the person has left, or they have changed department, or it was for occasional use and this has not been taken into account.

The time saved on account creation represents, depending on the size of the company, one FTE. You can allocate it to something else or avoid having to recruit for.

Account audits (account and user reconciliation) represent on average one full month of work for one FTE, who will also solicit other contacts within the company.

When the configuration is done correctly, it only takes one click.

Correcting anomalies is also a real time saver, Youzer takes care of making proposals that will be automatically applied in each application, according to your decisions. There is therefore no need to connect to each application to make a correction. You save approximately 5 to 15 minutes on each correction.

I invite you to read the various testimonials from our customers to give you a more precise idea of the gains you can derive from an Identity and Access Management solution.

automate the creation of accounts for a large number of arrivals and enable everyone to be operational from day 1.

Automate account creation and centralize applications from different horizons. "Price-wise, the decision was made quickly: The trick was quite simple: the time wasted creating accounts left and right compared to the cost of automation, we saved right away."

Save time auditing user accounts to ensure compliance.

In conclusion

It is clear that you need to justify an ROI to sell your IAM project internally, but keep in mind that the ROI is highly dependent on your organization and processes.

Some of our clients have completely automated their user lifecycle, which gives them an exponential ROI.

Others maintain a number of manual processes, which slows down profitability.

Another point to observe, as highlighted by the Clusif, is that there are RUN and BUILD costs that will not impact your finances in the same periods. These will need to be taken into account.

But you will have to pay attention to the known and unknown costs. Integration days may be more extensive than expected, training needs more important, specific developments more substantial.

Your company may decide to carry out a major recruitment drive, which will increase your account creation times and thus increase the interest in an IAM solution with a greater ROI.

To summarize: gather all the costs of the IAM solution, estimate the benefits (human costs, errors and licenses) and, if possible, test the solution before committing.

Besoin d'évaluer le coût d'un projet d'IAM ?

Téléchargez ce livre blanc sur le coût de l'inaction dans l'IAM :

Nous n'avons pas pu confirmer votre demande.
Votre demande de livre blanc est bien prise en compte.

Recommended Articles

7 best practices for identity and access management
Software to perform a review of accounts and entitlements
How to manage accounts shared between users?