A “Form follows function” approach to Identity Management
The timeless principle of “Form follows function”
Every time I visit downtown Chicago, the colossal size and architectural grandeur of the fine buildings and historic landmarks leave me with a feeling of awe and fascination. When a friend or relative is in town, I usually accompany them on architectural tours, because the curious mix of architectural styles and Chicago’s journey from Art Deco to Mid-Century Modern to Post Modern are best explained by the architectural tour guides, who blend the narration with history, humor and education.
During one such tour, the tour guide repeatedly made use of the phrase “Form follows function”, attributing its origin to the famous American architect Louis Sullivan, who called it “the law.”
Whether it be the sweeping eagle in his flight, or the open apple-blossom, the toiling work-horse, the blithe swan, the branching oak, the winding stream at its base, the drifting clouds, over all the coursing sun, form ever follows function, and this is the law. Where function does not change, form does not change. – Sullivan, Louis H. (1896)
“Form follows function” is one of the prevailing tenets of modern architects and states that “the shape of a building or object should be primarily based upon its intended function or purpose.”
Applying the principle of “form follows function” to Identity & Access Management projects
Identity & Access Management (IAM) projects deliver a broad set of “functions” to enterprises, ranging from single sign-on, password management, role management and user account lifecycle management to risk-driven access management, privileged account management and access certification. The rate at which new applications can be on-boarded onto the IAM platform is one of the key criteria used to measure the success of IAM projects. As more applications integrate with the IAM platform, the information security office gets better visibility over application accounts, a deeper understanding of how these link to real-world identities and an enhanced ability to track usage and enforce security policies.
As such, Enterprise Identity Architects are constantly looking for new ways to simplify application on-boarding and increase platform adoption. Traditional techniques such as evangelizing the benefits of the IAM platform or enforcing a top-down mandate usually do not elicit the desired response from application teams, as every application team is already struggling with its own priorities and the new IAM integration is often perceived as a “disturbance” to its existing business processes and support model.
It is in such scenarios that IAM architects will benefit from applying the time-tested principle of “form follows function”. Let me explain using the “Chicago architecture” metaphor.
Just like a well-planned city allows architects to experiment and innovate with building styles, a well-designed IAM platform should provide application teams multiple integration options and the ability to use IAM as an enabler for digital transformation initiatives. These integration options and innovation models thus become “functions” which will eventually shape the “form” of integration.
The infographic below depicts one way of socializing your IAM platform “functions” to application teams and empowering them to decide the “form” they want to build on top of your IAM platform.
By providing different entry points to application teams, IAM architects can help teams strike the right balance between the application’s security and compliance needs and the team’s ability to support the business-process-level changes that accompany the integration. In the long run, publishing an integration roadmap will also help application teams build their own integration journey and align application capabilities with IAM platform capabilities.
And when that happens, it is a true measure of the success of your IAM platform and its ability to attract new “application tenants”!
Chetan Desai heads the Identity Transformation and Governance Practice at Persistent Systems. He is passionate about delivering identity-driven services and building robust identity ecosystems that can drive digital transformation.