Coffee Talk – Sipping Joe with IdM Sales

Today I am sitting down with Mark Hanna, Sales VP of Integration Services.  Mark has been selling identity management and related services for more than eight years, has seen and heard it all.  Mark is not a coffee gourmand, so I am not going to ask him about coffee, although we do share a passion for sipping strong drinks (not something I am going to explore today.)


Mark, what are some of the comments that lead you to believe that a customer might need an identity management solution?


mark_circle_aWell, Nathan, that’s a good question; I love spending time with my customers and talking about what they are struggling with today.  Some of the most common comments I hear in my conversations are:

  • How can I accurately and efficiently manage all my user network accounts?
  • How do I efficiently de-provision user accounts, especially when I have a hostile employee who needs to be removed from AD immediately? More importantly, how do I make sure all their access is terminated?
  • When an employee leaves the organization on good terms, how can I remove their access without deleting their account?
  • How do I handle contractors or temp employees? Can I deactivate their account, so I can simply grant them access if and when they return?
  • How can I control who has access to information, files and data? Is it possible to create a workflow to manage the requests for access to this information?
  • How can I manage passwords? Can I implement some type of self-service password solution, so users do not have to contact the help desk?
  • Is there a way to have my users remember only one user name and password?
  • Is it possible to have my users sign in one time and have access to applications to do their work? If we do this, how do I control and keep up with who has rights to access those applications?
  • What if I need some applications to have a stronger password for access; can I automate that control?
  • What is the most effective way of demonstrating compliance? What can I do to demonstrate to auditors that my environment is secure, efficient and compliant?
  • We have a number of Web applications. Can we automate access to those, as well, and control who has access to those applications?
  • How can I grant external users, such as clients or employees, access to applications?
  • Our approval and request processes are labor intensive, whether it is for access to data, hiring or anything in our organization that needs approval. Can we create a workflow process and automate some of our approval processes?
  • We have so many disparate systems and applications. In fact, we have several instances of AD.  Is it possible to control access to these and control who has administrative rights to AD and our applications?

The short answer to all of these questions is yes; leveraging an identity management solution will help any organization automate, authorize, secure and comply who has access to information, grant access to what information they need, provision and de-provision users.  That said, identity management is different for every organization because every organization is unique.  They are similar in many ways but still different and unique.  That is the power in these solutions.  It can be tailored to meet the unique needs of any organization.


nathan_circle_qWell, Mark, that was quite the prolific answer; it is no wonder why I always see you with your headset on in the past years of working together.  With all these questions, how do you educate your customers about what identity management solutions can do for their organizations?


mark_circle_aFirst, I ask their unique business needs.  What are you having trouble with as it relates to managing or securing network accounts?  Once those areas are identified, we can begin an education process.  Identity management solutions are powerful tools that can be leveraged in many ways in an organization.  It has been my experience that once an organization discovers the power of an IdM solution and how it can be leveraged, it becomes a necessary tool to manage, secure and automate business processes.  It is no longer a “nice to have,” but rather a strategic solution to be leveraged across the whole organization.  The education process is applying the solution to solve business problems and issues.


nathan_circle_qVery interesting, so why do you feel like some customers are reluctant to implement a solution that helps with managing user lifecycle as well as automating business processes?


mark_circle_aIn most cases, it comes down to budget.  I have yet to meet anyone that, once they discover what identity management can do for the organization, does not desire to implement the solution.  It usually comes down to whether the organization feels they can secure and maintain network accounts with scripting or a manual process.  Scripting works, but it is not very efficient or secure, and ultimately someone has to be responsible for the scripting.  The good news is the IdM solution has an ROI that pays for itself, very quickly, and many times over.  That is part of the education cycle as well.


nathan_circle_qSo once you get you client educated, budgeted and started on a project, what kind of challenges have you seen them face?


mark_circle_aThe challenges come in three stages: discovery, implementation and completion.

In the discovery stage, we identify the business processes associated with critical applications and how HR, finance or other stakeholders manage processes of provisioning, de-provisioning and granting access.  Getting the individual stakeholders to buy into identity management can be challenging because most of us are resistant to change.  However painful, it has to be done.  Automating a bad process does no good.  Many organizations have leveraged identity management to completely overhaul and reengineer business processes within an organization.  This can be done only with a good discovery process followed by a thorough project plan.

During the implementation phase, scope creep is the biggest challenge.  Once implementation is in full swing, buy-in increases quickly, and stakeholders begin to see the need to solve additional business problems.  That sounds great, but it can become a challenge!  “Boiling the ocean” might sound like a good idea, but trying to do too much too soon creates an unwieldy project timeline and may result in rework.  It is much better to phase in an identity management solution and solve business issues in order of importance based on how critical they are to the organization as a whole.

During the completion of an IdM project, customers realize identity management solutions don’t come with pixie dust.  Automation is a tremendous thing, but it is based on a software framework that is utilized and leveraged to resolve business problems.  Not learning how to administer the solution is not in anyone’s best interest.  Learning as much as possible about the solution during the implementation will be invaluable long term as the solution grows within the organization.  An organization needs to be dependent on the solution not dependent on who implemented the solution.  Leveraging an identity management implementation expert is a good thing but not as an administration of the solution.  Leveraging the experts for “heavy lifting,” so to speak, is a good thing, using them for administrating your solution is not.  With a little training and hands-on knowledge transfer during the implementation and at the conclusion will pay dividends for the organization long term.


nathan_circle_qWow, Mark, you are full of useful information; it’s amazing to see all the things you’ve learned from client implementations over the years. After a successful implementation, what are some of the comments you have heard over the years about the impact identity management has had on organizations?


mark_circle_aThat’s the best part of the job: hearing how the work had a positive impact! Some of the comments that I have heard are:

  • “I had no idea there were that many changes to accounts in our organization.”
  • “We flew through our audit; we were in compliance.”
  • “If the information is right in one application, it is right in all applications. If it is wrong in one application, it is wrong in every application.  It’s nice to have the element of data integrity.”
  • “I now have full use of my IT staff; we are no longer managing passwords.”
  • “We no longer manage network accounts; they almost manage themselves. We look at them and know they are created, but we sure don’t spend the time we use to.”
  • “We now have a way to terminate an account and make sure they do not have any access to applications, especially e-mail and HR.”
  • “I sure sleep better at night knowing I have control over who has access to information both internally and externally.”


nathan_circle_qMark, I want to wrap up this Q & A with one last question; why should your customers feel comfortable talking honestly about their needs with you?


mark_circle_aWe are solution-focused instead of product-focused.  We take a consultative approach and match solutions to address and solve specific business issues.  We do not force our clients to change their requirements to meet the needs of a product, rather we are going to meet their requirements with a solution and leverage the right product or software to meet those requirements.  Plain and simple, our goal as a company is for our clients, customers and potential customers to have the best experience they have ever had working with an IT consulting/services company.

I hope this has gotten you thinking in a new direction about taking up or continuing on with an identity management initiative.

Nathan Wiehe


Nathan is the VP of Integration Services, he has been working in the IAM space for over 15 years. He enjoys writing and drinking coffee, not necessarily in that order.

Latest posts by Nathan Wiehe (see all)