A recent survey done by One Identity showed that only 8% of companies have fully automated IAM processes. The result? Needless repetitive work being done by skilled people. When a manual business process can easily be automated, there is absolutely no justification to maintain the status quo.
Most organizations that I talk with have SLAs in place for their identity processes. The organization sets a performance threshold for joiner, mover, leaver (JML) events. It’s not surprising that most organizations measure this in hours, but it’s not hours, it’s days. A 72hr SLA is really 3 days. This is a typical onboarding SLA for many organizations, and it’s considered normal. After all, there are a lot of things that need to happen during an onboarding. Onboarding is complicated, time-consuming and involves many manual tasks. In the digital age where we measure in milliseconds, where we strive to shave time for competitive advantage, many still accept IAM SLAs in days! But this is just a symptom of a greater problem and it’s costing your business – you’re just not seeing it.
You’ve made investments in IAM/IGA. The promise was to automate JML operations. If you ask your IAM team, they will give a thumbs up – “we’re good ... processes are well defined, roles are defined, we’re automated, we’ve got this covered.” But follow the processes and you’ll find that downstream, many are manually fulfilled. They’re automated from the perspective of the IAM team - because they aren’t doing the work! These processes result in a boatload of tickets created in your ITSM.
Diving deeper, we see that the org didn’t buy connectors for all the systems. Only the birthright and primary systems are connected. Most orgs have connected only 4 or 5 systems. It was too costly to buy connectors or have them custom built. So, for all the remaining systems, we punt to the service desk. That’s the beginning of the problem. How many applications are in your org? What’s in those applications?
When we dig into this, we find that those are the critical niche applications that contain the most sensitive of all data! Our CAD / CAM systems, our scientific data systems, research tools, developer tools, management systems … these are the tools that are used to create and deliver our products. They are the ones that are left in a disconnected, manually managed state.
Next, there’s a shift from on-prem to service-based cloud apps. Every org is going through this. It’s presenting a major problem for IAM teams. You’re likely in one of two camps: you have recently deployed IGA that is cloud-based but can’t manage your on-prem systems, or you have a legacy on-prem IGA that doesn’t talk with your new cloud apps. How is this resolved? More tickets to the ITSM for manual fulfillment.
Then there’s the operational tasks. Non-systems and facilities: business cards, telephones, computers, etc., etc. Every org has this and there’s a required workflow for all of this. Business cards can’t be printed until we know the email address and phone extension. So, how do we deal with this – more tickets, more manual fulfillment. In fact, a recent survey done by One Identity showed that only 8% of companies have fully automated IAM processes. A lot of repetitive work being done by skilled people, and we accept this as normal.
Today, you can order a package from Amazon. In seconds you get real-time confirmation followed hours later by a tracking link. You can see exactly where your package is at in near real-time, right up to the delivery at your door. Sign in later and you can see all past purchases. We have come to expect self-service and real-time visibility into most transactions. Now how does that compare with your IAM processes?
Can a hiring manager in your org do the same to see where a new employee onboarding is at? Do they get notified of success or exceptions? Can an IAM team see downstream exceptions in a dashboard? Do workflow exceptions generate actionable alerts? Can executives review onboarding metrics?
Identity apathy is visible when we consider that in most orgs, nobody knows that something went wrong until the hiring manager gets upset because a new employee shows up for work and something is wrong! The person can’t sign in, or they didn’t get their badge, or a computer is delayed, and nobody knew about it. It’s all too common and orgs struggle with trying to fix it.
Some might ask, what’s the big deal? Most people don’t start until weeks after they sign, if it all gets done, what’s the problem? Hold this thought… still a few more things to consider.
So far, we’ve only talked about provisioning but most of this happens in reverse when a person leaves. Now your multi-day SLA is a threat window left open for days! For emergency exits, there’s seldom any ‘emergency’ reflected in the processes. Your HRMS is updated, and an HR event trickles down to your IGA – that can take many hours! A terminated employee is considered one of the greatest threats! What can a person do within a few hours of being walked out the door?
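One way to measure the leaver threat window described above, as an added example that is not from the original article or the READI platform. It assumes you can export HR termination times, per-system account disable times and sign-in events; the user names, system names and record layout are constructed for illustration.

```python
from datetime import datetime

FMT = "%Y-%m-%dT%H:%M:%S%z"

def ts(value):
    return datetime.strptime(value, FMT)

# Constructed sample data; user names, system names and field layout are assumptions.
TERMINATIONS = {"kpatel": "2024-03-05T16:00:00+0000",
                "mlee": "2024-03-06T09:00:00+0000"}
DISABLES = [  # (user, system, disabled_at, or None while the account is still enabled)
    ("kpatel", "directory", "2024-03-05T22:00:00+0000"),
    ("kpatel", "cad", "2024-03-08T10:00:00+0000"),
    ("mlee", "directory", "2024-03-06T09:30:00+0000"),
    ("mlee", "research-db", None),
]
SIGNINS = [  # (user, system, signed_in_at)
    ("kpatel", "cad", "2024-03-06T02:15:00+0000"),
    ("mlee", "directory", "2024-03-06T08:00:00+0000"),
]

def exposure_report(terminations, disables, signins, now, sla_hours=72):
    """Per leaver: hours each account stayed usable after the HR termination time."""
    report = {}
    for user, term in terminations.items():
        t0 = ts(term)
        entry = {"windows": {}, "still_enabled": [], "late_signins": [], "over_sla": []}
        for u, system, disabled_at in disables:
            if u != user:
                continue
            end = ts(disabled_at) if disabled_at else now
            hours = (end - t0).total_seconds() / 3600
            entry["windows"][system] = hours
            if disabled_at is None:
                entry["still_enabled"].append(system)
            if hours > sla_hours:
                entry["over_sla"].append(system)
            # Sign-ins inside the window are the events worth reviewing first.
            entry["late_signins"] += [(system, when) for su, ss, when in signins
                                      if su == user and ss == system and t0 <= ts(when) < end]
        report[user] = entry
    return report

if __name__ == "__main__":
    for user, entry in exposure_report(TERMINATIONS, DISABLES, SIGNINS,
                                       now=ts("2024-03-09T09:00:00+0000")).items():
        print(user, entry)
```

In the sample data, the directory account is disabled within hours while the disconnected CAD account stays usable for 66 hours and records a sign-in after termination.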
Let’s start from the bottom up. One of the number one reasons that I hear for stalled initiatives is resourcing. But wait a second … the people that are processing these tickets are the same people that could be moving your business forward. They could be driving your strategic transformations instead of doing the daily grunt work. Nobody took up a career in IT to process tickets, and they’re doing hundreds if not thousands of them every month. We saw one org with 13 full-time staff processing IAM downstream tickets – over a million operations a year! Another Fortune 100 processing over 1,300 tickets a month just supporting Microsoft 365 apps. There’s a huge hidden cost around employee dissatisfaction. If your people aren’t happy, you’re not getting the best of them. How many tickets is your IT team processing each month?
Even if you’re willing to leave your people to do the grunt work, consider that bored people are highly prone to making mistakes. By pushing so many monotonous tasks to highly skilled, under-utilized talent, you’re not only accepting molasses-based-operations, but also subjecting your operations to routine glitches. People make mistakes. They miss things. They get sick. They quit. Especially when they’re tired of doing the same things over and over. Little debate here.
We talked about the threat window that’s left open on deprovisioning, but there’s more. Hundreds if not thousands of tickets are processed manually each month, and most of these are privileged operations. Every time a ticket gets processed, someone is accessing your systems and data with privileged credentials. From where? From their laptops and desktops, home office, corner cafe? All the above. Hundreds of privileged doors routinely opened. Now consider that just one of them clicks on that email link which infects their PC or connects from a rogue Wi-Fi network. By leaving so many privileged tasks in a non-automated state, you’re inviting a serious security breach. I have personally seen companies experience data breaches from these types of scenarios, not once, but multiple times over.
Automation to the rescue! Automation is the game changer. To remain competitive in today’s global economy, automation is essential.
Maybe you’re nodding in agreement, but you’ve already looked at automation and became overwhelmed with the size and scope. A set of requirements gets merged with other requirements in the org. Soon an automation team is put in place with an org-wide mandate. Your identity needs sink to the bottom of a multi-department requirements list. The ocean begins a slow boil.
The automation team isn’t getting this done. So where do you turn? You direct your team to look for a solution. Many options are considered: Automation Anywhere? Workato? UiPath? ServiceNow? So many choices, but nothing quite fits. Every option looks like a heavy lift and a long road to value.
While these are all fine products, they are not focused on the specific needs of IT and Identity Automation; they’re built for general business process automation, allowing your business users to automate lead management or order processing. They are not built for the technically complex requirements of the IAM team. Each will offer “some” of the features you need, but all will fall short, and all will require a lot of custom work.
Those of you that have ServiceNow might elect to have a SNOW developer work on this. Yes, this will work, but it will be slow, and very costly. The talent is not easily available, it’s a substantial effort to connect all your systems, there are several limitations that will put your finish line on a distant horizon, and your eyes will water when you see the long-term costs. ServiceNow is a great platform, but there’s a better way.
Others, looking to save, might be tempted to just use PowerShell and Azure Runbooks or Power Automate. These are great tools and can also get the job done, but the results will resemble band-aids and baling wire. It’s cheap to start, but you’ll be forced to rip it out at some point. It’s lacking one very critical feature: Governance. You put IGA in for governance ... how will you govern this automation? You can get it to work, but it’s not where you want to be long term.
This is why we created the READI platform. It’s a purpose-built back-office automation platform that is specially designed to rapidly “connect the dots”. It makes it exceedingly simple to automate, manage, and govern your back-office operations. It’s ROI focused - low-cost, immediate payback. You get immediate value with a “get it done now” style, but with full security, governance, and compliance features.
On first contact, many are skeptical – and why wouldn’t you be? Every other solution, short of a raw band-aid approach has been a major undertaking, but the READI platform has proven Rapid, Repeatable value over and over. We’ve helped so many orgs take their processes and automate them in only a handful of weeks. It’s one of the reasons that some of the largest systems integrators worldwide have turned to the READI platform to assist their customers.
Almost every org has had to address automation issues with some raw PowerShell and Runbooks, or Power Automate. The READI platform allows you to take those automations and literally copy/paste them into the platform. Immediate security, audit, and compliance benefits in a few hours…the beginning of your path with the READI platform.
Let’s find out! Start with an analysis of your ITSM tickets. One of our engineers was kind enough to share some code to connect to ServiceNow and dump out tickets to a CSV file for analysis. Run this on your own as pure PowerShell, but better yet, we can do this for you, no-charge, on the READI platform as part of a trial engagement.
With the data in hand, analyze your tickets to determine how many could be automated. You’ll be surprised at the number of repetitive tasks and the amount of privileged grunt work. One company we recently helped freed up 13 admins in only 45 days. I challenge you to hire 13 seasoned techs that can be up to speed on your infrastructure in 45 days! Imagine what you could do.
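A sketch of the ticket analysis described above, as an added example that is not the engineer's script or any READI platform code. It works offline on a CSV export; the column names (`number`, `short_description`, `opened_at`, `closed_at`), the sample rows and the keyword list used to tag privileged work are assumptions to adapt to your own export.

```python
import csv, io, re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample export. Column names are assumed; adjust them to your CSV.
SAMPLE_CSV = """number,short_description,opened_at,closed_at
REQ001,Add jsmith@corp.example to group Finance-RW,2024-03-04 09:00:00,2024-03-06 15:00:00
REQ002,Add adoe@corp.example to group Finance-RW,2024-03-04 10:00:00,2024-03-07 11:00:00
REQ003,Add bwong@corp.example to group CAD-Users,2024-03-05 08:00:00,2024-03-05 20:00:00
REQ004,Disable account for kpatel@corp.example,2024-03-05 09:00:00,2024-03-08 10:00:00
REQ005,Disable account for mlee@corp.example,2024-03-06 09:00:00,2024-03-06 13:00:00
REQ006,Printer on floor 3 is jammed,2024-03-06 11:00:00,2024-03-06 12:00:00
REQ007,Add tnguyen@corp.example to group CAD-Users,2024-03-07 09:00:00,
"""

EMAIL = re.compile(r"[\w.+-]+@[\w.-]+")
GROUP = re.compile(r"(?<=group )\S+")
NUMBER = re.compile(r"\d+")
PRIVILEGED = ("group", "disable", "admin", "password", "mailbox")  # assumed keywords
FMT = "%Y-%m-%d %H:%M:%S"

def template(desc):
    """Collapse per-request specifics so tickets of the same task type group together."""
    t = EMAIL.sub("<user>", desc.lower())
    t = GROUP.sub("<group>", t)
    return NUMBER.sub("<n>", t)

def summarize(csv_text, min_repeat=2, sla_hours=72):
    """Return (per-template report, share of tickets that belong to a repeated task)."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        hours = None  # stays None for tickets that are still open
        if row["closed_at"]:
            delta = datetime.strptime(row["closed_at"], FMT) - datetime.strptime(row["opened_at"], FMT)
            hours = delta.total_seconds() / 3600
        groups[template(row["short_description"])].append(hours)
    total = sum(len(items) for items in groups.values())
    report = []
    for tpl, items in sorted(groups.items(), key=lambda kv: -len(kv[1])):
        if len(items) < min_repeat:
            continue  # one-off tickets are not automation candidates
        done = [h for h in items if h is not None]
        report.append({"template": tpl, "count": len(items),
                       "privileged": any(k in tpl for k in PRIVILEGED),
                       "median_hours": median(done) if done else None,
                       "over_sla": sum(h > sla_hours for h in done)})
    return report, (sum(r["count"] for r in report) / total if total else 0.0)
```

Templates that are both frequent and tagged privileged are the ones where manual fulfillment means repeated hands-on use of privileged credentials.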
So, your SLAs measured in days are a symptom of a greater problem. We’ve explored the problem and we’ve seen that there’s a solution to this problem. But you’re probably now thinking, “We don’t have time to deal with this right now… we’ll consider it next year.” It’s ironic that the resource limits are in fact another symptom of the problem. That’s why we offer professional services to accompany our READI platform. Our engineers have decades of back-end automation experience. They have done this for companies exactly like yours, many times over. They will engage and in weeks you will see benefits. Jean-Paul Calabio, CISO at Alorica (a 100K employee enterprise) took us up on the offer and said: “We were amazed at how quickly we could automate our identity processes with Readibots.” Have an SI you’re already working with? The largest SIs in the world use the READI platform to address their customer needs. There’s never been a better time than now. The people needed are available. It’s just the power of a decision that is needed.
In only weeks you will:
Take the next step. Visit us at: readibots.com and inquire. Let us show you how to transform your Identity processes Now!