CTOs, here’s your 7-step guide to a great IAM strategy

In the face of many failed IAM projects, it’s imperative for you to have a robust digital identity strategy. 

This will help you secure your organisation against data breaches, and it can also be an effective guide to extracting the full benefits of your digital transformation journey. According to Bain & Company, only five per cent of organisations achieved or exceeded their digital transformation objectives. Don’t become a statistic.

Here’s your 7-step guide to building a great digital identity strategy:

Step 1 – Assess your business priorities

Most IAM programs fail because of a lack of alignment between the business and the security team.

As a security leader, you need to create this alignment. This happens when there is an understanding of the business’s strategic objectives and the organisational priorities that have been identified by all business leaders.

This alignment will not only ensure significant buy-in and support from the business but will also dramatically increase your chances of success in deploying this strategy.


Step 2 – It’s time to audit yourself

The prevailing approach to all kinds of audits is heavily reactive. This makes audit season a dreadful time full of surprises and upsets. 

The most successful organisations, however, are self-aware and continuously audit themselves. We consider this best practice, as it ensures full visibility of your strengths and weaknesses, supports a complete digital identity strategy and helps you control the narrative when audit season comes.

A lack of self-awareness is what brings audit surprises and misalignment between your digital identity strategy and the actualities of your technology environment. 

Do you know how mature your business’s IAM program is? Why not take our free IAM Audit here?

Step 3 – Align security and operations

The challenge lies in the difference in priorities between the operations team and the security team. While operations is mostly concerned with Availability, security is responsible for bringing the other two pillars, Confidentiality and Integrity, to the table. Oftentimes security and operations end up competing for limited resources and attention.

As a security leader, you must ensure that you align your security goals with operations to complete the triad of Confidentiality, Integrity and Availability. 


Step 4 – Communicate your findings to exco

As you build your digital identity strategy it might be difficult to be honest with the executive team regarding the real findings of your audits. 

If you have followed the steps above, you should have a clear understanding of the strengths and weaknesses of your environment and of the business priorities, as well as alignment with and support from the operations team.

Communicating with senior stakeholders regularly is important. They’re not security experts and often get anxious as they’re constantly bombarded with negative cyber news, for example the introduction of the European Union’s General Data Protection Regulation (GDPR) and its related fines.

Constant communication helps to ease this anxiety. 

Digital identity principles can be difficult for non-techies to understand. It’s important to try to find everyday examples from around the world that show the impact of identity technology, such as the biometric cards offered by Mastercard. Mastercard successfully launched remote biometric enrolment, which allows their customers to register their fingerprint onto their biometric Mastercard from home. In this case, Mastercard not only introduced safety and security but also introduced convenience for their customers.


Step 5 – Co-create a vision

Bringing your strategy to the board is the first step in getting business support for your digital identity strategy.  

As security and digital transformation are already top of mind for most organisations, they will be open to listening to a clear plan. 

Bringing your plan to the board allows you to get buy-in but, most importantly, you’re able to co-create a vision for the role of digital identities in achieving those organisational goals.


Step 6 – Share the vision

A digital identity strategy that stems from a top-level vision is easier to share and to gain organisation-wide support for.

Sharing the vision with the rest of the business allows you to get that much-needed input and support.

You need to share the benefits of convenience, efficiency and reliability that are offered by securing digital identities in supporting digital transformation.  



Step 7 – Get champions

The benefits of a complete identity strategy are undeniable, but change is difficult.

Part of your strategy has to involve business champions who will evangelise your digital identity strategy to the rest of your organisation.

Generally, these “early adopters” get it and will be more than willing to help you spread the message. It gets lonely being a CISO, and the more evangelists you have on your side the better.

Part of your role is to be proactive in identifying these champions and involving them in your strategy.


You need to develop an IAM strategy that stands the test of time. 

The rise of cyber-attacks across the globe requires you to develop a proactive approach to your security activities. If you follow the steps outlined above, you will surely be on your way to a safer and more secure organisation.
