When I first ventured from the comfortable and familiar shore of the data center into the murky waters of project management, I had no fear. Nor did I have any real experience in the vast ocean of inter-departmental politics. Ignorance was bliss – but this, sadly, was not to last.
My first project was a breeze – implementing and integrating several framework disciplines, while migrating to a distributed systems administration model. It was great for cutting my teeth, providing a test bed to learn how to manage direct and virtual team members. And as the project was solely driven by the IT department, and was purely technical, it remained almost invisible to the bulk of the organization. It was a beautiful thing: all technology; no politics; pure geeky happiness.
But then came the day when I had to manage a project with very high visibility, a project that would introduce a dramatic shift in the organization's culture. This is where I learned about the political sharks.
These aren't just man-eaters – they prefer project managers. Since then, I have been involved in hundreds of implementation projects, both as a customer and as a provider of software solutions. The majority of these have been in identity management, since that discipline's inception in the mid-1990s.
Identity management projects seem to be the most hotly contested and politically oriented in modern IT. They cross all lines of business, and all levels of employees, customers, contractors and business partners. They also have extensive legal ramifications. So they tend to carry the most biased opinion and affect the sovereign and sanctified silos of data ownership.
Throughout all of these projects, a few basic practices make the difference between achieving success and becoming political shark bait.
Not technology alone
Everything that is done in a business organization has to contribute to profitability. Identity management projects are no different. At some point, before you take your project for funding, you have to establish the processes that will be improved and the money that will be saved. Nothing new there.
Today's identity-oriented world has a new consideration, however – regulatory compliance. Make no mistake, non-compliance can carry serious financial implications. But you also need to incorporate the traditional ROI models based on help-desk call reductions, increased end-user productivity and reduced risk and vulnerabilities.
Know your benefactors
This is sometimes more challenging than it appears. Are your biggest benefactors chief officers or departmental users? And is your project focused on a business-to-employee, business-to-customer, or business-to-business model?
The answer is yes. Identity-based projects are no longer independent silos, even if they're departmentally driven. At some point, the data that you manage will need to interact with other repositories and other processing engines.
There is a strong chance that the standards you adopt, create, or modify for an identity project will soon become the standards for other identity-affiliated projects. Everyone is a potential consumer of your services and you need to understand their identity and access requirements.
Never underestimate the value of commercial awareness. Your efforts to inform and educate your organization should be approached as an internal marketing campaign.
Get the right support
Start with your organizational chart and identify the leadership teams of each line of business and each major department. Then take a simple draft of your plan to each and solicit their input.
The goal is to draw support at the most senior level and to gain the cooperation of the contributing team members. Identity management projects cannot and will not be successful without the full support of your leadership teams.
In addition, the contributing and virtual team members have to gain a basic understanding of the technical processes that will enhance productivity and performance.
I have seen renegade projects and they seldom end well. On the other hand, a well-orchestrated series of informative meetings, assessment actions and enterprise-wide announcements can establish great credibility. Credibility and consistency are two of the biggest contributors to a successful project.
Now comes the fun part. Take your time and thoroughly research how identities are being used in your environment. Don't just go to the UNIX, Windows, mainframe or even your business applications teams. Go everywhere – shipping and receiving, HR, sales, development, marketing, audit and security, customer support. Go to any team that might be affected. They will learn they have a key role to play and you will then gain a supporter – plus a lot of data that will help you deliver a more effective solution.
Play and win the politics game
It can be frustrating, but luckily there is a way to stay the course. It all comes down to communication. Remember that your strongest adversaries could also be your strongest allies. Listen to them and try to understand their motivation.
Present your project in a spirit of genuine concern for the organization and assure them it is designed to benefit the entire enterprise.
In all likelihood, the people who are expressing concern are subject matter experts. As such, their opinions carry weight and should be incorporated if at all possible.
Most importantly, know when to use your executive sponsors as representatives and spokespeople. Use this trump card sparingly, however, and only if there is no other means to overcome an obstacle.
With ever-increasing importance being placed on automation, access, policy and provisioning processes, you could find yourself managing an identity-based project sooner than you think. You might wonder what you did to deserve such a fate. But take heart. As these are some of the most visible projects that you can be associated with, the rewards of executing a successful project are magnificent.
Chris Williams is marketing manager, identity management business unit, BMC Software