Working on the ideal world of Identity and Access Management

Back to homepage

Click here for an overview of all news articles

The year 2005 had just begun. I was working at ING Bank. “Please, finish your current project ASAP and join my Security team to start an important RBAC project.” Those were the words of the manager that was to become my new manager. My first reaction was something like: “I like the idea that you will become my new manager, but what is ‘RBAC’?” This was the wobbly start of the most important move in my career.

Until that time I had led IT projects for more than ten years. During that period, I had become more and more jealous of architects and highly-educated technical project members because of their knowledge and the possibility to use that knowledge for creating new things. My thought was: “What would it be great to move from Project Manager roles towards Architect roles. But how do I manage that?”

Well, it went this way: I said ‘OK!’ to the proposal made by my new manager and started to set up the RBAC project. I stepped into the world of Identity and Access Management and found a world that, in my opinion, was very poorly developed. It was completely technology-driven. There was no relationship with the ordinary business people or the way they think. Both the people working in this world and the tooling available, which was supporting authorization request and audit processes, were technology-driven. So I knew: “Here is something to do”.

In consultation with my manager I took on the role of Project Manager and project Architect. I learned a lot about this subject and started to think about the ‘ideal IAM world’. To make my vision concrete and to challenge it together with others, I initiated workgroups at PVIB. I wrote some articles and  four Access Management letters together with interesting people. I became an IAM consultant. Especially my time working at Capgemini was very interesting. Together with some other senior colleges I organized IAM-sessions for other and junior IAM colleges. For a lot of different clients I worked in IAM projects as an Architect or as a Project Manager. My feeling was that in all projects the base questions are the same, the base solutions are the same, the base project plan is the same. “So why are we were inventing the same wheel every time?” I asked colleges and other specialists. “No we are not. Every situation is different!” most of them said. “Well, not to me,” was my reaction. “Just look from a functional level, then you see that the questions are all the same, only the solutions differ.”

To strengthen my IAM vision I developed the ‘Hermes framework’. This framework contains ‘the whole IAM world’. That means that all architectural levels and project aspects are included. In that framework, I had allotted all IAM-information a place. It became complex, but it was structured. I extended the framework by adding more and more relationships between all elements in all layers. Because of this framework, I am able to create an accorded project plan, including all elements such as planning, costs, business case, project risks, etcetera, within a few days. Also, I am able to bring all kinds of IAM situations fully in control in a relatively short time. For example, to solve all ‘Ist’-differences of a system in full harmony with business people in a short time track is not a problem anymore.

When my last colleges said about the framework “The use of your framework might lower your deployable hours,” I knew it for sure: I am going to start my own business, so I can serve my clients in a proper and efficient way. In November 2011, I started working for myself. I developed my own IAM tooling for supporting my IAM services in an optimal way. Nowadays, I help companies to implement IAM in a businessfriendly way and to get fully demonstrably ‘in control’. I also deliver IAM monitoring services to them for staying demonstrably ‘in control’ for external controlling instances.

So, I nearly found the ‘Ideal IAM world’. But because Identity and Access Management is still improving because of new technology developments and new business requirements, there will always be a new or better ‘Ideal IAM world’. So in the near future there is still a lot to do.

That is why I became a member of IDnext platform. As it says in the name: there is always a ‘Next’. That’s why this platform is so important to me. IDnext platform offers me to connect, share and exchange knowledge and experience with other experts and professionals in the world of Identity and Access management. Every member has his own focus or specialism. Sharing IAM-knowledge on a technical or abstract level or in financial or public branches is now a day’s ‘Must have’ if you want to keep in touch with new IAM developments. There is no time for boredom in the IAM world!

Jean-Pierre Vincent

Advisory board member IDnext

Owner and Identity & Access Governance Consultant at Averias