An employee is synonymous with actions to be carried out by the IT department.
An arrival, a move, a departure? This involves operations such as creating, modifying or deleting accounts, but I'll be more specific.
If an employee changes department, this will have an impact on the HRIS, the directory of accounts and the Active Directory, where rights will have to be changed and some accesses will have to be deleted, while others will be created.
However these actions are carried out, they are called access and identity management, or IAM. In this case, IAM is done by hand.
The problem is that an AMI project is seen as cumbersome and costly by management. So :
- How do you convince your management to take on an IAM solution, which is often expensive?
- How do you sell an IAM project internally, while generating a return on investment (ROI)?
You're convinced that an IAM solution would be beneficial to your work. You can see the undeniable benefits of process automation, such as the elimination of time-consuming phases, a clear reduction in errors, programmable workflows and self-service for password resets.
The difficulty lies in convincing the CIO or company management that this budget will quickly pay for itself.
Here we go, showing you how to present your AMI project for validation 👉
Before talking about ROI, let's be clear about the objective of the AMI project
Before diving headlong into an IAM project and trying to sell it internally, you need to be clear about your initial need and why you want an identity and access management solution.
There are 4 main axes:
- facilitate the work of the IT team
- optimize the employee experience
- strengthen corporate security
- ensure your company's compliance
At present, you probably don't have an IAM solution, and you carry out all your actions by hand, so your desire to have an IAM falls into one of these areas.
Automation, which is one of IAM's key features, enables us to meet these 4 objectives.
IAM (identity and access management) aims to automate account management and thus the onboarding and offboarding of users, which also reinforces security and provides a global view of identities and access, offering a vision of the company's actual compliance.
The expected gains are therefore significant, but also depend on your internal processes.
What benefits can you expect from an IAM solution?
The more you deploy IAM in your processes, the more your ROI will increase. It is necessarily correlated to your actions.
If you automate only certain actions and keep a large part of them manual, your ROI will be relatively low.
If you have a high turnover, the ROI will be all the more visible if you automate all account provisioning.
If you use a large number of service providers or temporary workers, the use of GIA will have a major impact on your ROI.
Here are the points on which you will have an impact in terms of ROI that are measurable but specific to each case in an IAM project:
- double HR-IT entry in the transmission of information for new arrivals;
- efficient, responsive handling of HR events: arrivals, transfers, departures, etc. ;
- the time spent creating the various accounts for an employee. Obtaining all the information and applying the different nomenclatures for all the applications is very time-consuming;
- the time it takes for a new arrival to be operational with all applications and access:
→ cost per month = (average) salary per day X number of days not operational X number of arrivals per month - reduce data entry errors and thus improve data reliability;
- license management and knowledge of the license pool ;
- the time spent on an audit: the number of people involved, such as managers, HR managers, application managers, the audit manager... ;
- the reliability of IS information;
- to bring the company into compliance by having a complete history of account provisioning;
- the number of password resets within the helpdesk.
→ cost per month = number of calls X 30 X [time spent X hourly cost of a helpdesk person].
The two major themes are :
- fewer manual actions
- reduce or eliminate errors in account management actions
How do you measure the ROI of an IAM project?
ROI is calculated as follows
ROI = (benefits - costs) / costs
Costs include :
The costs of an on-premise solution :
- the purchase of the solution,
- specific developments,
- hosting on your servers,
- server maintenance,
- backup,
- installation with the help of a consultant,
- training,
- upgrades,
- connector development,
- the immobilization of in-house staff during the training and deployment phase,
- support,
- change management, if the company has deep-rooted manual processes.
The costs of a SaaS solution :
- monthly costs,
- specific developments,
- the integration phase with a consultant,
- the immobilization of in-house staff during the training phase,
- training,
- support,
- change management, especially if the chosen solution is highly technical.
We therefore distinguish between two types of costs:
- costs in the BUILD phase, which are often one-off costs at the start of the project
- RUN phase costs inherent in the day-to-day management of the solution.
So before calculating the benefits you could gain from a solution, it's important to know how much it will cost you.
Be sure to check what's included and what's not.
For example, at Youzer, there are no hidden costs, the solution is SaaS, which avoids maintenance costs, and support and training are included in every offer.
We don't charge for developments that benefit all our customers, or for the development of connectors that can be used by several of our customers.
Youzer doesn't require months of deployment, and connects in a matter of hours, so there's little downtime for in-house staff, and no need for consultants either.
We have also developed a solution with several levels of use and reading, making it intuitive and easy to learn. For example, we have no abandonment due to complexity.
As for the benefits, here's what you can quantify upstream:
- the number of paying licenses recovered
- the time saved by eliminating manual actions (by managers, HR and, of course, IT)
- error-proofing to prevent cyber-attacks with serious consequences
- auditing in just a few clicks and data extraction for compliance purposes
How can you estimate the ROI of your identity and access management project?
Create a POC
There's nothing better than a POC, or proof of concept, to put everything we've just seen into practice.
- You will be able to test the solution in your environment with specific constraints and see its long-term viability.
- You'll see the first results immediately
- You're not making a long-term commitment
- You have concrete elements to present to your CIO or management
I advise you to carry out your POC on a restricted perimeter, such as just one entity, or with just a few applications. However, your POC must be representative of your institution.
Then look for quick wins:
- search for faulty accounts and orphans (users who have left with active accounts attached or active accounts not attached)
- carry out a limited audit and show gaps and risks
- identify unused licenses
- test the application packages that enable you to assign access in a pre-automation process
- present a single user repository (contracts and non-contracts are visible), giving HR a clear vision: centralized sources
Some reference figures for the ROI of an IAM project
Here's an example of what was achieved after just one hour's use of the Youzer application. Our prospect was able to realize a return on investment for the IAM solution after 1 hour, finding 144 active licenses allocated to users who had left, just as he was starting his POC!
At the time, he had only added 2 connectors (applications).
We note that an average of 10% of global licenses are not attached to any one person. Either the person has left, or changed departments, or it was for occasional use and was not taken into account.
The time saved on account creation represents, depending on the size of the company, one FTE. You can put it to work elsewhere, or you don't have to recruit.
Account audits (the reconciliation of accounts and users) represent on average a full month's work for one FTE, who will also call on other contacts within the company.
When set up correctly, it only takes one click.
Correcting anomalies is also a real time-saver, as Youzer takes care of making proposals which, depending on your decisions, will be automatically applied in each application. So there's no need to connect to each application to make a correction. You save around 5 to 15 minutes on each correction.
I invite you to read some of our customers' testimonials to get a better idea of the benefits of an Identity and Access Management solution.
→ automate the creation of accounts for a large number of arrivals and enable everyone to be operational from day 1.
→ Automate account creation and centralize applications from different horizons. "Price-wise, the decision was made quickly: The trick was quite simple: the time wasted creating accounts left and right compared to the cost of automation, we saved right away."
→ Save time auditing user accounts to ensure compliance.
In conclusion
Obviously, you need to demonstrate ROI to sell your AMI project internally, but keep in mind that ROI is highly dependent on your organization and processes.
Some of our customers have completely automated their user lifecycle, offering exponential ROI.
Some others keep a number of processes manual, which slows down profitability.
As Clusif points out, there are RUN and BUILD costs that will not impact your finances at the same time. You'll need to take them into account.
But you need to be careful about known and unknown costs. Integration days may be longer than expected, training requirements greater, specific developments more consequential.
Your company may decide to carry out a major recruitment drive, which will increase the time it takes to set up accounts, and thus increase the value of an IAM solution with a higher ROI.
To sum up: gather all the costs of the IAM solution, estimate the benefits (human costs, errors and licenses) and, if possible, test the solution before committing yourself.
