Year End 2010 / New Year 2011 – Transcription (Episode 53)

Feature Segment: Q&A

In today’s main feature segment, we are calling this the Q&A, which as those of you who have been around the show for a while know, this is typically only just a part of a show, but because we have so much to cover, we are just making this the whole show.

What this is, just as way of background is, we get questions all the time:

  • Questions from the phone
  • Questions from email inquiries
  • People filling out the contact form
  • Clients contacting
  • Just day-to-day contacts with associates and so forth

We collect a lot of these, especially those that relate specifically to things that we like to cover on this show. Those questions that are very similar in nature, we will batch those and do what I call roll-up questions or wrap-up questions that may not be exactly specific questions, but they kind of encompass a number of related questions that we will have had recently. That kind of is a little bit of background on today’s Q&A segment. These are in no particular order, so let’s get started.

Question No. 1: What Software / Gear Do You Use To Release Your Podcasts?

We have had a number of questions, especially from colleagues in the industry who like the podcast and are interested in perhaps doing their own podcast. People ask me all the time:

  • What do you use to release your podcast
  • What software
  • What kind of gear
  • What kind of hookup do you have
  • And so forth

I will be honest and say that, we don’t use much in the way of sophisticated gear here. I don’t know if I have mentioned this before, but from a show standpoint, it is really just a couple of things. We use a Mac-based software for podcasting called Ubercaster. I will have a link for that in the show notes. The company that makes that is Pleasant Software, that’s www.pleasantsoftware.com. For a mic, I am now using an Audio-Technica AT2020; I think it is USB. I will also try to get a link for that in the show notes, but that is widely available on a number of internet product sites. It is a very very common microphone. It is not a lot of money. You can put these two things together and get yourself a decent rig for couple of hundred bucks, maybe a little bit more than that. If you are on a PC, sorry, I don’t know what to tell you there. I don’t use the PC for any of the media publishing, but this microphone that I am using is purported to work equally well with both. I hope that is helpful to all of the colleagues and people in the industry who have asked about it.

Question No. 2: How Do I Get Copies Of The Older Podcasts?

Now let’s go on to Question No. 2: How do I get copies of the older podcasts? I mentioned that earlier in this show, so I will just make a quick mention here that the best thing to do is, of course, subscribe to the feed if you are not already doing so, and that way you never miss an episode. As we archive off the shows, if we archive something that you wanted to listen to, then you will already have your copy. That’s the best way, is just to build your library of the show, especially if you don’t want to invest in the special product which I am going to be talking about here now, which is the IAM Show link, which is available from LinksBusinessGroup.com/TheIAMShow. That is episodes 1 through 50 in a:

  • Nice digital downloadable format with bonuses
  • Digitally re-mastered
  • Special liner notes
  • Notes from me and intros

It is a very nominal fee. I will forewarn you or mention that the link that I just provided will take you right to a purchase link. You are not going to go to a big description, bunch of pictures and everything. That literally is the link to pick up the product if you are interested. So that’s the way. If you don’t have all the older podcasts, if you are new to the show, that is the way to get them. Otherwise, if you have been around this show for a while, best way to keep collecting them is just to subscribe to this show. Then once you download them, copy them off.

Now, we do have the show in several places:

  1. 1. We have the feed which is Feeds.Feedburner.com/IAMSuccessTips. That’s one place that you can subscribe.
  2. 2. We have an iTunes feed, which is LinksBusinessGroup.com/iTunes.
    • (Most of our subscribers get the podcast via one of the above two methods.)
  3. 3. The third method is for members of the Identity Management Success List, which is available from LinksBusinessGroup.com/Join if you are not already a member. Every single time we are getting ready to release a new episode, it gets released there first. Membership does have its privileges as an additional incentive. So that’s another way.
  4. 4. In the mail that’s sent out, there is a link to download the episode.
  5. 5. Another way you can get it is, of course, we post the episodes to the blog. Inside the blog, there is a download link and an in-line player.

Lots of different ways to get the show. As I say, unfortunately if you are brand new, there are a whole lot of episodes and content that are not available for immediate download; however, if you buy the Collector’s Edition, then you can get all of the episodes through 50, and then all of the episodes from 50 on are, of course, in the feed. You will have everything and you will be able to keep in touch with all of the comprehensive content from the Identity and Access Management Success List.

Question No. 3: What Formats Are Your Products In?

The next question: What formats are your products in? I don’t see any of this information listed on your website. A few people have pointed this out and we have taken note. We are starting to add this information to the FAQ. And yes, it will be in the website here as we do some updates in the next few weeks. But just as a reminder, and I think I have mentioned this on previous episodes, we still get a fair number of inquiries about this. Just to be real clear, it is a pretty simple straightforward stuff on our formatting. We don’t do any DRMA and yes, that has worked against us. Unfortunately, there are some unscrupulous people out there in the Internet, no surprise, but by and large, we don’t apply any DRMA type protection to our files.

Audio Format

What happens is that when you order something that is in audio, for instance I mentioned the Collector’s Edition and we also have a full audio edition of IAM Success Tips Book: Volume I, those are high quality MP3 files. The recorded books in particular are 256k MP3 high-quality non-DRMA, non-protected audio and you get a big zipped file. Depending on what you are ordering, sometimes it is more than one zipped file and inside the zipped file are all the chapter files which comprise the book and an index and everything else. So that is what happens on the audio.

Digital Book Format

Now the books, the digital books are all standard. I think the PDF standard that it uses is 1.6, if I am saying that correctly. Those are all available as just standard PDF. If you have PDF 1.6 compliant reader, you are good to go. You can use your web browser or Adobe’s Reader or Foxit’s Reader, or whatever darn reader you feel like using, it is all up to you. Now they are protected files, I will mention that. They are digitally protected but they are not restricted, so you don’t need any special software or anything. I mean you can literally be downloading and reading Identity Management Success Tips literally within minutes. So it is very very quick.

Print Book Format

Now the books are 6×9 soft cover and of course varying lengths and dimensions and content depending on which you are using. If you are ordering the IAM Success Tips Trilogy set, it is in fact all three books. It is not one giant book that has just a number of different sections in it. It is all three distinct books. It is very very much the full package that you get for the print, and of course it is a fraction of the price of what you see on Amazon and it includes free shipping anywhere in the world. I hope that helps out answer some of the product inquiry questions, and we are putting some of this in the FAQ.

Question No. 4: If I Am Ordering A Digital Download / Book, When Do I Get It?

All right, fourth, we have had a number of questions about shipping and things of that nature. If I am ordering a digital download, when do I get it and if I am ordering a book, when do I get it?

Digital Products

Well, of course, digital products are available immediately on clearance of your payment. We currently, and I emphasize currently because things are always subject to change in addition, support PayPal or Google Checkout, both of which allow you to use just credit cards or you can use a Google Checkout account if you have an account, or you can use a PayPal account if you have an account. Contrary to still some persistent beliefs from the PayPal of years and years and years ago, there is absolutely no requirement to have a PayPal account to purchase anything from PayPal using a credit card. Just wanted to clear that out for a few people that are still asking about that, because granted PayPal was different maybe several years ago, but it’s a whole different scenario now. If you want to just use your credit card and you don’t want to give Google or PayPal or anybody else any of your payment information or set up a full account, best thing to do is just use the PayPal option. You can use your credit card right there past straight through and make your purchase without setting up an account. Digital products are available immediately on clearance, as I say. One thing we do like people to know is that if you have never done business with Google Checkout before, they do sometimes perform additional account verification, not a big deal, but what this can mean is that if you have never ordered from them before, they may hold your account transaction for additional verification, which we have found can sometimes take up to 24 hours before they will release the payment and send a notice into our payment center that your payment is cleared. The reason why we mention this is because we do have people, a lot of new people who decide to use the Google Checkout option and they mail us within 2 to 3 hours saying, “Hey, what’s going on, we didn’t get our digital downloads right away.” The only time that ever happens is when Google performs a secondary authentication or I should say additional research on your account before they clear the payment. As soon as it is cleared, they send us a trigger and your digital downloads are off and running. That’s kind of what’s going on with digital.

Print Products

Now print products, they are shipped USPS Standard, so there is a standard grade of USPS shipping. They go pretty much to anywhere in the world free of charge; that’s one of the many benefits that we offer in addition to all of the digital bonuses that you get from ordering books from us, where you would not get necessarily from Amazon or any of Amazon’s affiliates. It definitely pays to visit LinksBusinessGroup.com/Store and place your orders there.

Now long does it take, well if you are in the States or Canada or pretty much anywhere in North America, it takes up to 10 days; usually it is much less than that, but as a general rule it takes about 10 days. If you are outside of North America, it can take up to 20 days. If you still haven’t received your books 20 days after ordering, then we have a special email address orders@IAMSuccessTips.com, so that you can follow up. What we will do is, we will follow up with the distribution center on your behalf. After 20 days, that’s the key. Be sure to give it 20 days to find out what’s going on and make sure that you get your books in a timely manner. Now we have kind of gotten a lot of the books and FAQ information out just to kind of clear up a whole number of product questions that we have been collecting for the past few months

Now we are going to get into some Identity Management, so if you have dropped off earlier thinking “Oh, he is just going to be talking about books and stuff like that.” No, here is where it gets into Identity and Access Management.

Question No. 5: What Are The Current Best Practices For Identity Provisioning and Auditing?

What are the current best practices for Identity Provisioning and Auditing? Are there any open source tools that will help me for provisioning and what are other companies doing? That is a huge topic and it actually extends above and beyond what we can cover in this particular podcast, but I’m going to take a stab at this and try to succinctly as possible give you a “state of the union” so to speak, as to what we see and what many of our colleagues see a lot of businesses and organizations doing right now today.

Now as I mentioned and with the standard disclaimers, this is a constantly evolving and changing industry and the way organizations go about doing Identity and Access Management software purchases in implementation strategies, it is always changing. What my goal here is to kind of just share a snapshot in time, so these are things we have seen maybe over the past six months and things we are kind of projecting into seeing the next three to six months after that, and then beyond that maybe a year or two down the road, not really going to speak to that right now because as we found, the industry is just too volatile, not only from a technology standpoint but just from an acquisition standpoint. I mean companies gobble each other up all the time in this industry and yesterday’s top players are tomorrow’s little sub-niches or sub-organizations within a larger organization. I am not going to mention names right now, but I think we all kind of get the drift of where my comments are going there.

Five Primary Strategies for Identity Provisioning

Now to kind of step back and say that there are really five primary strategies today for Identity Provisioning and many many countless variations or hybrids of these five. Now these are not in any particular order, but there are essentially five global, if you will, overlying strategies for doing provisioning, and I am specifically talking about provisioning here and not the Access Management component, because the questions that we have been getting a lot of really are focusing heavily on provisioning and heavily on audit.

  1. 1. Build Your Own: The first thing of course is, this is the old standby; you can build your own. You can decide that and maybe you have already decided, but you have some kind of system or a series of systems in-house. Either the retail tools that are out there today don’t work for you or you just kind of have maintained a legacy system for provisioning and maybe even a little bit of auditing, and this is kind of your standard mode of provisioning. So that’s one model.
  2. 2. Leverage Open Source: Another model is, you can leverage open source and you can leverage what we call a “build some contract other” type model. What this means is essentially since you are going open source, for the most part you are trading at least some of your dollars and effort from software costs that you would otherwise have for things like software acquisition and licensing and maintenance to an open source solution. So you are not spending your dollars upfront necessarily in open source, but you are going to be then shifting your focus toward custom development, custom integration. I mean it is variation of the “build your own,” but it implies though that you are not necessarily building your own from the ground up, you are building your own or you are using open source of freely available components. So that’s another strategy.
    • Note: By the way, I should mention here that my goal in this very short time in trying to answer a lot of kind of roll up questions in one question is because we have others to answer. We are not going to cover it all, but as a background here, I am not really going to place judgment calls on this or get into a lot of advantages, disadvantages. That’s going to be a topic for an upcoming episode because it really is something we need to revisit on this show at least once a year as things change so frequently.
  3. 3. Continue To Provision Manually: Now manual, of course, most any organization I can think of is doing at least a little bit of manual provisioning. There is always that custom application or there is always that custom one-off use case that just for whatever reason can’t be automated or there just isn’t enough business justification to automate it, so it continues to be manual. This model kind of implies that there is some degree of manual provisioning, maybe it’s 100% or maybe it is something less than 100% or you are using a hybrid model of manual provisioning and some particular spot or tactical solution that may be tool platform or operating systems specific to help you out with the rest. Classic case in point might be is that you are a mixed shop, you have got some UNIX and you have got some Microsoft and maybe you have got some Linux and Mac and other things, and you have got some applications that are chained off of the Microsoft platform. So from your Microsoft platform, you are going to have perhaps a tool that ties into AD and uses native APIs and can maybe provision, de-provision, do some password management. Then likewise, you might have your UNIX side or your Mac side or some other custom. Maybe you have got some COBOL or FORTRAN or other kinds of big iron apps out there and they will all have their own system, but the main point here being that you have got some provisioning for some systems, other provisioning for other systems and then there is some other portion which is manual.
  4. 4. Buy a Full Featured Big Iron Heavy-Duty Identity Management Provisioning Suite: A fourth option is that you buy a full or mostly full featured big iron heavy-duty Identity Management Provisioning suite. So your Oracles, and your IBMs and your CAs and your Corions and your Novells and all the big players in the Identity Provisioning space, and yes there are many others which I have left out and not intentionally, but these are considered some of the biggest players, if you will, in this space. For those vendors they provide or say that they provide some measure of end-to-end Identity Management Provisioning and De-Provisioning for a large swath of the application portfolio space. So that’s one. That’s kind of the idea that you buy into this giant Identity Provisioning Solution with the idea that that solution is going to take over most if not all of your provisioning. It is going to take over your manual, and it is going to take over some of your automated, and it is going to supposedly eliminate your need to have to build your own.
  5. 5. Outsourcing: Then last but not least, it’s a newer model here in the past few years, but outsourcing and/or Software-as-a-Service. Essentially, whether you are outsourcing a suite or a tool or the staff management side of Identity Management or Identity Provisioning or you are going with a software-as-a-service vendor, an application service provider for instance that focuses just on provisioning and/or maybe some auditing, and that’s another model as well. You just don’t want to have any of this in your house or maybe you have some of it, some platforms, maybe your Microsoft platform or your UNIX platform or some other platform that you have, you want to just outsource apps that are on that platform, and of course all variations. It’s a big topic, so I will stop there so we can get into a little bit of the synthesis of where all this is going.

Summary

To kind of recap, we have five main strategies, and again heavy emphasis on the fact that these are overlying strategies. There are all kinds of combinations of these. I mean there are literally dozens of combinations of these strategies. I am only giving you the kind of the high level, so you get the idea of what the main focuses are for many people and companies in the industry. You can build your own from scratch or just something that you develop in-house with maybe some freely available components or maybe it is just completely from scratch. That’s one option. You can leverage open source and tie open source with closed source or the new trendy mixed source model, where you have some packaged and some open source and you glue it together in some form or fashion. You can continue to provision manually or use a hybrid of manual and automated or a combination of, you have some that’s manual and then maybe some it’s a spot or tactical solution, not a full end-to-end provisioning system, but maybe just some kind of tool that helps with the provisioning. You can buy the big iron tool and bring it in-house and do a full blown multiyear Identity Provisioning project, which is the way that a lot of organizations go even today, or you can just say I want to outsource some or all of this. Now, again, not to put too fine a point on it, but I am not going to get into the pros and cons, plusses and minuses or do any kind of matrixed analysis of this. I am probably taking an overly long time to answer what someone was asking is a series of what they thought probably were narrow questions, but of course as you can see, these are very very broad questions and we have had segment after segment of podcast episodes just dealing with these particular topics because they are so large. That is what the landscape is like today with those strategies.

What Are The Best Practices, What Are Other Companies Doing, What Should I Be Doing?

Now getting back to the question, so what are the best practices, what are other companies doing, what should I be doing?

What Are the Best Practices: Well in short, the answer for your organization really depends on your organizational model and whether or not you have crisply defined goals, objectives and requirements. I have beat on this like a dead horse for many years, no offense to horses or animal advocates, just an expression, but I have been going on and on about this for many many many years now, way before it was fashionable for other pundits to kind of hop on that. The idea is this, is that tools whether they are spot tools, tactical tools, enterprise tools, situational tools, build your own tools, whatever they are, all of these things have to be looked upon as things that automate and facilitate implementation of your business process. To break that down further, in more simple terms it means that whatever your business needs to do and whatever your business has decided that it needs to do to run itself on a day-to-day basis, Identity Provisioning Systems come in at the end of that. They have to not only help you figure out your process and tune your process and implement your process, but they are not magic bullets. None of these strategies is going to be a complete panacea for complex Identity Provisioning. I think a lot of the questions and people asking this question, they are tending to think of it in that way. They are tending to look at this as a solution, or what we call in the industry, they are solutioning before they are gathering requirements. This is something I want to make a huge huge point on in this topic.

Know Where You Are In The Organization And What Your Culture Is: Now with that said, first of all, you have to know where you are in the organization and what your culture is:

  1. 1. Are you an organization that has a lot of talented J2E or .NET developers in staff for instance?
  2. 2. Do you have a strong security department or application design security and development department that can easily create new applications and integrate with security systems, integrate with provisioning systems?

Well, if you are that type of organization, then option number one or two might be a real good strategy for you or some combination of those two strategies might be good for you. Likewise, if you are a company that has a lot of kind of level-1, level-2 type techs, maybe a few advanced people, but you don’t really have any Identity Management expertise in-house, then you will either maybe want to look at option five or maybe look at option four, which is the full featured suite and you will bring in a consulting team and/or an integration firm to deploy that with you.

It is a way of saying here that the answer is that it really depends, and I can only suggest that although this podcast is certainly I hope useful information, when you get to that level, you really do need to consult a professional. Of course you can call us, I mean we are one option and we have given the phone number previously or you can send us an email inquiry and we are happy to provide you with an hour of complimentary consulting for anyone who represents a legitimate company or organization. In other words, it is not done at an individual level, just to call up and set an appointment. But certainly at no cost, no obligation, we will provide you with some thoughts and maybe some strategy suggestions for your organization and I have talked about that before, but if you are interested in that, +1 800 507 3480.

What You Should Do Or What You Should think Of Doing: Now to get back to the idea of what you should do or what you should think of doing, I am going to answer the next part of this question is, well what are other companies doing. Well at this point in time, one of the answers maybe surprising, but this is what we are seeing people in the industry doing a lot of right now. Now of course this is a very general statement. There are all kinds of organizations doing all kinds of things, but this is kind of what we are seeing.

  1. 1. We are seeing a surprising number of firms, especially large firms that have talented development staffs in-house building their own. They are going fully with option one or two or a combination of one and two. They are fed up with the big iron packaged vendors, the cost, the license maintenance, the upgrade cycle, the sensitivity of things like integration agents and integration profiles that these tools provide for integrating between system A and system B. A lot of firms that have been through this, especially if they have been through two or three vendors or two or three tools, they just get to the point where they want to give up on it. Believe it or not, we are seeing a lot of firms doing that, so it has come back in vogue as a very viable option.
  2. 2. They are also doing a lot of option three, which is a combination of using specific tools and some measure of manual provisioning. There is a lot of that and what happens often is that the special purpose tools are brought in to augment manual provisioning. Then as the process matures and as the organization gets used to working with more tools to automate provisioning, then they decide either to go all the way or they decide to replace the combination of manual and spot tool with an overarching solution, which would be covered in option four or an option five scenario.
  3. 3. The other thing that they are doing a lot of actually is considering SaaS or outsourcing. Now this is not to say that all organizations by any stretch are hopping on this bandwagon. I mean SaaS for Identity Provisioning, my take and this is my perspective, is still several years away from universal acceptance. It is starting to happen but still at the end of the day, you have technology issues and data access issues and third parties needing access to certain systems within an organization that just present different types of challenges, both security-wise, politically, audit-wise and every other which way wise. We are a long way from seeing widespread adoption of full-blown outsourcing or SaaS, but a surprising number of companies are doing this with at least part of their infrastructure. We are seeing a lot of people piloting this very type of model.

For those of you who asked, “well what are people in the industry doing now,” that’s what we are seeing people in the industry do right now as of today. Now tomorrow, three months, six months down the road, that might continue to change a bit. What we are not seeing right now is we are not seeing a lot of companies buy into the whole big iron Identity Management suite approach for provisioning. This is not to say that companies aren’t doing it or that they are not upgrading their infrastructure or anything like that. I am simply saying that is a trend. We are seeing a much decreased interest in investing in suites. It is not just cost and complexity, but also just market fear for what’s going on with vendors and looking to see that today’s most stable large vendors with a large market penetration can suddenly be gobbled up and have their offerings closed and collapsed just like that. I mean it happens all the time. These are things that really drive concern and worry and risk concerns from large organizations.

Anyway, I am going to cover this a lot more in upcoming episodes and we have covered it to some extent in previous episodes, but good time to sit back and take stock at the end of this year and the beginning of next year to see what are companies doing and what are the current models of interest and where might that lead in the next few years.

Question No. 6: Where is Identity Management Success Podcast Going In 2011?

Number six I think on the list is where is Identity Management Success Podcast going in 2011? What’s happening? What is next? The podcast is going to continue and it is very very much alive. Even if it doesn’t appear for a while, it is definitely on the radar. It is in the business plan of our company for 2011; however, it will continue to be occasional at least for the first half of 2011. Now, notices are always sent out first to the members of the Identity Management Success List, so remember LinksBusinessGroup.com/Join if you are not yet a member. But for the next few months, I would say for at least the next into March/April timeframe, the show schedule is going to be sporadic. I am not even going to put a schedule out there because as soon as I do, it will have to change. But, we will continue to bring this show and as this schedule changes or if we decide to make it more or less frequent on a regular basis, we will definitely announce it here both on this show and in the Identity Management Success Mailing List.

Now for what are we going to be doing with it? Well, we will continue pretty much the same mix that we have. We are working in more Business IT Consulting related topics. We of course have a large percentage of our audience in the consulting, development and integration side of the business. We are going to be continuing our focus on that. We have also hinted at another podcast coming up which will have a more regular schedule and we will be making announcements on that to our list and eventually on to the podcast as well when it is ready. But we are actually going to be focusing a new podcast coming up in the not too distant future on more consulting related topics, so you want to stay tuned for that. Eventually what we will do is, we will break that out. It will be a completely different podcast, completely different focus and then this podcast here will continue to focus on IAM Program and Project related management as well as technical and integration issues. So that’s it. Also along with that, just a lot of the real world IAM content, my observations, things that we have learned, things that we are seeing people do. There is no fluff or overly conceptual topics here. It is all real world stuff and we are going to continue that trend.

Question No. 7: How Do We Start a Project With IAMSuccessTips.com and How Do We work With Purchase Orders?

This is a two-part question. I have been getting a lot of these here at the end of the year when a lot of companies, actually for us, the end of the year and the last quarter of the year tends to be a very very busy time for us. Not only do a lot of our existing clients work hard to get more and more features and services into production, but we also have a lot of client interest of new companies coming online wanting to take care of yearend projects. Variation of this question is, how do we start a project with IAMSuccessTips.com and how do we work with purchase orders, and Net 30, 45, 60 or things like that.

Some of this is in our FAQ, so I am going to try not to belabor some of that ground, but with us, project work is designed to be painfully easy. If you have an Identity and Access Management project and you really need to:

  1. 1. Get traction on
  2. 2. You need some analysis done
  3. 3. You have got some integration
  4. 4. You have had a vendor in there trying to implement something and the project has stopped out
  5. 5. You have had issues with right sizing or upsizing or downsizing
  6. 6. You have some complex new integrations
  7. 7. You are doing Software-as-a-Service implementations or you are doing SOA or what have you

If you want any kind of expertise or assistance in that at all, it is very very easy. Basically, you just call or email from your registered business address, this is important, so no Gmails and Hotmails. We are looking for legitimate business addresses and people that represent actual business or organizational type entities to work with, because we are a business-to-business firm, except for, and I do want to mention, individual one-on-one training, we do have individual one-on-one training for consultants, project and program managers. If you are interested in that, definitely give us a call, we will be happy to talk with you about that. But here in this context, I am talking specifically about Identity and Access Management projects. You can call or email, set up a complimentary appointment, we will get back with you. We will work out something that works with your schedule and our schedule and we will just sit down and have a chat. It is completely informal. There is no sales, no pressure, no suggestion of anything beyond having a meaningful dialog one-on-one to discuss your particular situation and provide our thoughts on that matter. Then after that, if it makes sense to look at doing a project, we will; if it doesn’t make sense, then at the very least our goal with the free consulting is that you walk away with some action steps and maybe some clarifying questions that you can take back to your organization to help you more tightly scope your project or gather requirements or work with the vendors that you need to work with depending on what your project needs are. So you do that, we sign papers, exchange payments and resources.

We provide the initial resources to you such as:

  • Interview documentation
  • Data collection matrices
    • We do all that upfront.

We provide that and plenty of time for you to go out and collect it, who we need to talk with in the organization, what kind of data we need, you get that at least two to three weeks generally, and it depends. Sometimes clients want to fast track something, but as a general rule two to three weeks out, you will get this packet of information that is tailored specifically to your project and to your business, and then we hit the ground and we work with your team and we get it done. We work solely on milestones, so everything we do is task and milestone based, that’s how we deliver, that’s how we bill, that’s how our invoices and scope of work documents work. It is very very very straightforward. We can actually spin projects up usually sometimes within just a few weeks if not less. A lot of that depends on you.

Now one thing we do like to mention, we are upfront about is, that all new clients and even most existing clients, we work on more of a development milestone based model and fixed price type model. What that means is that you can assume that there is going to be some upfront project start fee to gather all the resources, to book the time and to start working on your project. We are not a firm that will just show up and work for some period of time without invoicing or without payment. We do like to mention that because we get this question all the time. For those types of models if you are looking for kind of the heavier weight Net-45, Net-60, kind of thing, then definitely want to go with maybe one of the big three or four that can support that type of model of course, and you will pay commensurate rates with that as well. But that’s it, our standard packet is an SOW and an invoice, it is very very light weight. Our SOWs are inclusive. We will usually do an SOW, an NDA; either NDA separately or an NDA as part of the SOW and invoice. That’s it, we are off and running.

Question No. 8: Identity-as-a-Service?

Next question, lot of questions about Identity-as-a-Service, whether providing it as a service internally or either providing it externally or consuming it externally such as from a SaaS type provider and we have received so much interest on this topic. All I am going to say for now is that like the topic we talked about before, best practices and so forth, we are going to save this one for a future upcoming episode, so stay tuned for that. I don’t want to put a date on it, but we are definitely going to be having a whole discussion around Identity-as-a-Service, just that topic, because it is so broad, there is a lot of interest in it and a lot of companies are looking to move at least some of their Identity services in that model and direction.

Question No. 9: Hiring Internal Talent for IAM Programs?

The next question, we get a lot of and in fact we have had just a couple this month already, probably due to yearend, but people asking about hiring internal talent for IAM programs, specifically implementation, development, support and PM roles. Now we did do a podcast on this quite a while ago and I am going to say, it might have been all the way back to Episode 5, but if you want a detailed discussion on hiring and interviewing IAM talent, you want to do one of two things and preferably both.

  1. 1. You can check out the Identity Management Success Podcast Audio Collector’s Edition and that’s available at LinksBusinessGroup.com/TheIAMShow or;
  2. 2. You can pick up a Trilogy Edition of IAM Success Tips, which includes all the volumes of IAM Success Tips, in particular Volume II.

This topic of budgeting and project management, setting up program and project plans, hiring and firing and what kind of expertise sets you need and what an interview should look like, all those kinds of things are covered extensively both in the Trilogy Edition and also in IAM Success Tips: Volume II. So, I would check that out.

Now with that said, if you have a more pointed question on that, you can submit those questions to the podcast and we might talk about this in an upcoming episode, but the general gist of the question about how do I hire these people, where do I find this deep level IAM expertise. In short, know it isn’t easy because of the skill-sets, the background and just the industry time-in that is required to make a successful and competent Identity and Access Management person. If you want to get the skinny and the details on that, definitely check out LinksBusinessGroup.com/TheIAMShow or LinksBusinessGroup.com/Trilogy.

Question No. 10: RFP Responses?

Next, we have received a lot of questions from our consulting community about RFP responses. I have talked about this off and on over the past several podcasts. I get a lot of questions about:

  • Signing up clients
  • How to get people to execute contracts
  • How to get clients to sign
  • How much effort is reasonable to put in on a contract that may or may not be awarded or that may or may not be paid

Classic case scenario: You are working with a very very large company, maybe it’s a company or it could be a governmental entity or a scholastic institution or something like that, maybe it’s a regulated industry that has a lot of bureaucracy, a lot of requirements, and a lot of red tape. You are a small or maybe you are an individual consultant or you represent a small boutique consulting firm and you want to close a deal with a large company and it’s taking you a long time. I mean those big company deals, they can take weeks if you are lucky and usually it is more like months and sometimes, I mean, I have seen literally small companies work two to three years. I saw a company just a year ago that had been working four years to finally close the deal.

To get back to the question, the idea is and what people are asking us about is, how do I get that to happen, at what point does my customer or client acquisition cost not only just dollar wise but effort wise, because the more you are focusing on trying to acquire a client, the less time you are spending actually servicing existing clients or expanding your business opportunities with the clients that you already have, because they of course will always be your number one best source of ongoing revenue and project security.

With that said, my take on it is this. I can really relate to this question because it is something that I personally deal with, our company deals with everyday. Every day we are working with existing clients or new client inquiries and as always, we are a business like anyone else and we always have to look very very carefully at these situations and say, “Okay, how much effort do I put in?” It is really hard to answer this question succinctly because it is Identity Management answering the question of how much effort should I put in to close a contract, at what point do I stop working on it and focus my limited resources on other opportunities. It is always a very very difficult line to walk and something to try to balance. I can’t answer broadly to cover all situations, because if I could, we’d be doing it. My life as not only a consultant but as an engagement manager and a program manager would be a lot easier, but what I can do is, I can provide some guidance in the form of clarifying questions that maybe can help you make the decision for yourself on a case by case basis.

Now, here are some of the top consulting contract effort considerations you want to ask yourself:

  1. 1. Why do I want to do this contract with this bit of consulting to begin with?
  2. 2. Am I just doing it because I desperately need the money
  3. 3. Is it going to enhance my portfolio?
  4. 4. Is this client connected to others in the industry that might expand my business opportunities overtime?
  5. 5. Is this just maybe a tip of the iceberg type project that once I get in and I do the analysis, maybe there is a broader world of different types of projects available? One possibility.

That’s something you really have to ask yourself and why you are doing it and depending on what your answer is, that’s going to of course be a big driver for how much effort you spend. Kind of dovetailing on that, will it pave the way for future projects with the client? Is there an upside beyond cash value? In other words, is it a project where yeah maybe you are doing the first project, maybe you will come out ahead, maybe you will lose a little bit, but is it worthwhile to lose a little bit in terms of effort, time and money. If on the other hand, there is a much much bigger opportunity, and I don’t mean carrot waving here, I am not talking about the scenario where a client says, “Well, you know, if you take a cut right now, then we will promise you to give you more business.” That is a bad road to nowhere and I will talk about that in other venues; in fact, in the other podcast we are going to be doing is going to be a source of discussion, but as a general rule, those are some things to consider.

Now another thing you want to look at when you are working on a contract situation or you are in negotiations with the client — and by the way I should say that for those of you who are clients or consumers of service, just kind of reverse these scenarios, because you as a business that is considering the purchase or consumption of consulting services, you need to kind of ask some of these questions as well.

One of the things you want to measure as you go throughout is what’s it like working with this client or if you are a client, what’s it like working with this consulting firm. Are they prompt and responsive or are they slow and evasive. Obviously, if you want to be on the look out for slow and evasive, slow and evasive is a warning sign. As a very general rule, if you have problems executing on a contract, just getting it signed and getting paper work done and getting agreement, that is going to follow you all the way through the project, and of course can have very very negative impact when it is time to ask the client to pay the check. Because if they are disorganized or things are chaotic or it’s not happening upfront, guess what? That’s not going to go away the moment you sign the contract. That’s going to follow you all the way through, so you need to kind of really weigh that carefully.

Now does the client or the consulting firm have always some new reason not to have stuff signed or make the agreed deliverables for a contract? I mean are you trying to get contracts out and they are not signed on time or Party A or Party B says they are going to do something and they don’t do it and excuse after excuse after excuse, that’s something you have to look out for. Now, conversely though, and this is especially for smaller consultants and boutique shops out there, if I am working with a really large company, do you recognize that big companies move slowly, and do you recognize the fact that working with a large company inherits bureaucracy – period. That’s a fact of life. It should not in and of itself be considered a factor not to consider a contract, so you have to decide and balance all these other factors that we are discussing and that needs to be one part of it. Just because the contract process is moving a little slow, if it is moving correctly and if it is moving ethically and all parties are doing what they say they are going to be doing at any point in time, that’s okay; if that takes a few extra weeks that’s okay. Because guess what, once it is done, it is going to be just as hard in some cases to spuriously end that relationship if you have already established a good relationship and if you are busy delivering value from day one. Now another consideration is, does the organization truly have the sponsorship and buy-in that it needs to make the project a success. In other words, is it just some lower level representative of the company that just wants to get a project done for their own benefit or is this truly an organizationally sponsored initiative? Something else to factor in.

Next, if you go the distance and you execute the contract, how easy or difficult will it be for the firm that you are going to contract with to replace your firm? In other words, if you are going through all this trouble with them, is there a risk that they might just turn around and boot your company out and bring another company in? Something to consider. Now, put another way, will your team or your firm be considered strategic enough with this new client or if your client isn’t considered strategic enough for that consulting firm, to make future contract security more likely.

Then last but not least, and there are a lot of other factors here, but to kind of shorten this up because we are starting to run out of time also, ask yourself how low should I go for a future upside. In other words, from a pricing standpoint, how low or how high are you willing to go to maybe gain that future upside? And you want it, whatever that range is for you and your company. You need to have a crystal clear notion of that before you talk to that client, because as standard negotiation one-on-one, client wants the best service for the least amount of money, consultant wants to get the most amount of money for reasonable amount of service delivery, and so those two positions are always going to negotiate toward ideally something that is going to work out for both. But, whatever your range is for that, you need to have that and I should say even another bonus point on top of this is, no one will walk away.

If you sometimes have to walk away either in the middle of negotiations or you may get all the way to signing a contract and just things are not working out, maybe it’s one person’s fault, maybe it’s the fault of both parties and in many cases to be honest, people get caught up in faulting all the time, but the bottom-line is some projects are not meant to work out. Things can’t get executed on time, resources aren’t available, Company A has a business model that just isn’t compatible with Company B and vice versa. I mean there are all kinds of dynamics there. Instead of looking at it in the realm of fault or issue, it should just be considered that there comes a point in the contract negotiation where you just, and I am speaking mostly to consulting firms although the same goes for clients as well, I mean clients need to be able to walk away as well, just knowing. Don’t be afraid to get even to the point of signing and if things aren’t working out after that or things aren’t signed on time or within specification or agreements are constantly changing, I mean that’s another warning sign for you as a consultant, especially if clients are constantly changing terms or they are just not getting the things done when they are supposed to get them done. That does not bode well, especially for a fixed price project.

Now time and materials, maybe another story if you are working on a multi-year implementation deal, that’s a whole different thing. I mean you are just going to be submitting invoices monthly typically. You are going to be getting payments monthly. It just goes as long as it needs to go and the charge is whatever the charge needs to be and you work as long as you need to work. But for anything fixed price, those warning signs early on will indicate very clearly of whether a fixed price project with that particular client has a chance of success. That’s something you want to factor in.

Before each contract negotiation engagement, just be sure that you have examined all of these questions in-depth and that you have answers. If you don’t have concrete answers, I highly recommend that you get concrete answers to all of these questions that I have just posited it out there before you actually sit down and have your next conversation with the client.

All right now, this has been a long main segment, but I hope it’s useful and wanted to kind of balance out some of the FAQ information with a lot of the Identity Management questions we have had, so hope that’s been useful and let us know your feedback.