Mike Wyatt's Weblog

Boiling the Ocean

I've had the honor (or curse) of being involved directly or indirectly involved in well over 300 Identity Management deployments. Many projects have been successful but certainly not all. As referenced earlier there are a number of reasons why projects are not successful, many of which have little to do with the technology involved in the implementation. One of the biggest challenges is when a customer wants to follow the same process for the project that was used to create the universe we live in - the Big Bang approach. What do I mean by the big bang appoach? I'm talking about trying to implement tooo much in a single phase of a deployment. Some of the toughest projects I've seen are ones that involve implementing several different functional solutions as well as connecting to a wide variety of systems during a single project phase. Whether you follow a waterfall, modified waterfall or agilent implementation methdology, the key is to phase the project into bite sized chunks. For example, some of the best projects that I've seen are ones that focus on Phase I getting the Idenitty Management infrastructure in place and providing a "quick win" such as consolidated password reset for 3-4 key systems such as LDAP, AD, and RACF. This approach enables the deployment of the appropriate RDBMS, Application Server, Identity Management software and provides value to a broad stakeholder community with minimal implementation complexity. In contrast I've seen projects that want to provide provisioning, access auditing, and password reset for 15 different types of systems with as many as 1000 hosts in a Phase 1 deployments. In addition to being very expensive and taking a significant amount of time, these types of projects are High Risk. Why High Risk:

• Complexity - building workflows, testing connectivity, and validating data quality on a large numbers of platforms and use cases introduces risks

• Politics - Usually the group implementing the Identity Management solution is not the owner for many of the Line of Business systems that are integrated into the Identity Management solution. Telling an SAP admin that you are interfacing with their system and will be responsible for user adds, deletes, and modifies as well as access control changes is a risky proposition!

• Project Interdependencies - the interaction between various workflows and the managed systems is made overly complex by trying to integrate too many target types or too many hosts in one project phase

• Customer Learning Curve - as the end customer become more familar with the identity management software used for the solution, they will think of interesting enhancement requests for the initial project phase. The simpler and faster phase I is defined, the less chance for significant scope creep

• Project Management - large projects require more oversight, more team interaction and more corner cases to be dealt with. All of these lead to a requirement of more project management overhead or living with more project risk

• Expensive - Big projects take lots of resources and have long durations

I'm sure there are a many other potential risk points that are introduced by using a Big Bang implementation approach. These are simply the ones I've had personal experience with over the last several years. Next time, I'll talk about recommendations that are alternatives to the dreaded Big Bang implementation approach.

Posted at 08:21AM Oct 14, 2006 by Michael Wyatt in Identity Management  |