Is Your Identity Management Solution a Rube Goldberg Machine?

May 9, 2018

Idenhaus-identity-management-RubeGoldberg_v1.1 (1)

Is your IAM solution a Rube Goldberg Machine?

Rube Goldberg was a famous cartoonist known for his illustrations of machines that accomplish a very simple task in a very complicated manner. Like many IT projects, Identity Management is rife with opportunities to over-complicate the solution and formulate extremely complex designs that include all imaginable use cases and a broad range of exceptions.

The problem is that too much complexity is simply paralyzing. Take for instance the implementation of a new onboarding process that incorporates exceptions for different departments, divisions, worker types, and user groups. With so many exceptions, there is not a consistent design pattern to follow and the solution requires a lot of coding to accommodate the different processes, policies, and people. Remember, the odds of success are inversely proportional to the solution’s complexity! Therefore, we encourage organizations to reduce complexity for the simple reason that it works against the efficient operation and ongoing support.


The best solution methodology begins by looking for the simplest design pattern that works to solve the problem and then validating the design with business stakeholders. 

The design process should focus on two important things:
1) how to approach the design in the most straightforward way, and
2) whether or not it actually solves the problem.

Here are three questions to ask to simplify your IAM solution design:

  • What are the most important outcomes the IAM solution delivers for the business?
  • What steps or data could be removed from existing processes/systems to get those outcomes?
  • Are there any ‘sacred cows’ that need to be considered?

All of these questions are designed to focus thinking towards an optimized, efficient IAM solution by identifying what is a priority and how to achieve that priority simply. The last question is meant to identify any limiting assumptions that prevent the organization from building the best solution. For instance, the solution design may require managers to onboard users in a consistent way across the business, but stakeholders argue that "We couldn't possibly change the process, because it would be too cumbersome for some managers.” Time to tackle the sacred cow!

Given all this, simple problems that should have simple solutions wind up with unnecessarily complex designs. Complexity is like a virus. Once you have it inside your central systems, all the other layers eventually suffer from the same problem. Pretty soon, your IAM solution is an overly complex system that nobody knows how to maintain, every change causes a ton of other changes, and operating & support costs go through the roof. Unnecessary complexity turns the optimistic, positive, creative process of IAM deployment into a fearful, tedious, and frustrating process for implementers, operators, and users.


There is a significant difference between a solution that is simple and one that is simplistic. Just as blanket statements gloss over complex realities, it’s easy to cross over to an overly simplistic design when you try to reduce a complex problem so far that you factor out critical elements.  Then the solution may be super-simple, but it no longer works. An organization’s processes are a complex mix of people, systems, and policies and it can be difficult to control individual elements. These might include how systems respond to disruptions, staff performance, and what end users expect in the way of service. One of the reasons there is a difference between the Promise and the Reality of IAM solutions has a lot to do with how they are implemented. Simplicity is great until you take it too far, and then it stops working.


One of the biggest problems organizations face is the overall lack of discipline in the solution design process. When designing IAM systems, there are a lot of moving parts, a lot of people involved, and, time and patience are limited. The whole process is often rushed due to time and budget constraints. In this environment, it’s often easier to ignore difficult process problems and find workarounds that offer a “good-enough” solution and then move on to the next task. That may work well for part of the problem, but when you add too many stop-gap solutions, the result is an over-engineered, overly complex system. There’s most definitely a simpler and more elegant solution, but it requires a more disciplined and more rigorous design process that hardly exists in a typical IT shop.


The biggest attraction of monolithic solutions is their simplicity. It is so easy to say ‘give everyone the same access,' or ‘don’t change the business process,' or ‘let the system handle data quality.' The seduction of simplistic solutions is that they sound "right" and it's easy to implement them. The result is an overly complex solution that delivers little value. All of this happens because we didn’t withstand the waves of complexity during solution design and invest the time to find a simple solution. One idea is to take a page out of the Lean/Six Sigma playbook and dedicate time to analyze business processes for opportunities for improvement. Lean is about continuous process flow by streamlining the linkages between process steps (aka seamless automation) while Six Sigma focuses on reducing process variation (eliminate defects/errors). The goal is a solution design that is straightforward to implement and test.


IAM solutions can get unnecessarily complicated in a hurry. The ultimate IT goal is to deliver excellent solution quality and excellent value to the organization, which Idenhaus believes can exist together. For many organizations, this has been a formidable goal, and IAM programs have been notoriously dominated by poor quality implementations from global solution providers. In order to be successful, organizations have to be committed to a disciplined implementation methodology. A meticulous and persistent approach in pursuing simple designs that perform significantly better than overly customized bloatware. Leaders should remain undeterred in their vision to develop a solid, streamlined IAM foundation and insist on lean designs. In the end, most failed IAM solutions suffer from problems in one of these two areas: they are either too complicated, or they are too simple.

Learn how to find the right balance in my new digital book, Reimagining Identity Management: How To Design, Choose And Implement The Right IAM Solution For Your Business

Follow @Idenhaus on Twitter and subscribe to our biweekly newsletter.

By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Click here to contact us

More News