3 Ways IAM Can Help Organisations Establish a Future Ready Hybrid IT Environment

IT transformation over the past 15 months has reminded me of Mel Brook’s 1987 sci-fi parody movie ‘Spaceballs’.

Stay with me here…

In Spaceballs, our heroes escape the evil ‘Dark Helmet’ (gloriously portrayed by Rick Moranis) by fleeing his clutches at lightspeed. 

Our bumbling villain has but one choice...he must chase after them at ‘ludicrous speed’!

Back in 2019, it already felt like IT transformation was moving at light speed - cloud adoption was accelerating and the role of IT was shifting significantly from cost-center to business enabler.Then, in early 2020, COVID-19 hit us and everything changed. Strategic digital transformation roadmaps were thrown out of the window as organisations around the world rushed to rapidly scale remote working solutions and digital touchpoints for customers.

We had reached ludicrous speed.

The impact of continuity driven digital transformation

We have all seen the meme over the past 15 months. You know the one I’m talking about.

Who led the digital transformation of your company?

COVID-19 accelerated IT transformation, whether we were ready for it or not.

A report from management consulting firm McKinsey asked over 2000 C-level execs from around the globe about the impact the pandemic had on the rollout of digital initiatives. They found that implementation times were accelerated by 2000 per cent in 2020. 

The same study asked leaders to predict how long it would take to implement enterprise wide digital changes. These estimates were compared to the actual time taken to implement these changes during the pandemic.

The average expectation for scaling remote working throughout an organisation was 454 days. This was achieved in 10.5 days.

The expectation for launching a new online purchasing experience for customers was 585 days. This feat took 22 days.

What an exciting time for IT leaders. After all, it demonstrates the transformational quality of digital technology and shows just how critical IT is to an organisation’s success. However, it also highlights a significant challenge.

The IT world is now hybrid. According to IDC, by 2022 90 per cent of enterprises worldwide will have systems both on premise and in the cloud. 

COVID has been a catalyst for this trend. In the rush to respond to COVID-19, many organisations have accelerated their adoption of cloud-based SaaS tools alongside their existing on-premise infrastructure. In their haste, many of these adoption initiatives circumvented traditional security measures and introduced new layers of technical debt into IT stacks.

The result: the corporate security perimeter no longer exists and organisations' digital footprints are more complex than ever before.


A crisis or an opportunity?

It will take time for IT organisations to steady their ships after the chaotic speed and complexity of the past 15 months. 

However this situation also brings to mind a lesson from Winston Churchill: “Never waste a good crisis”.

Building a post-COVID IT strategy may be a daunting task but it is also the perfect time to reassess your estate and tech stack as well as identify new opportunities to modernise. 

Here I outline three such opportunities - exploring how you can ready your business for a hybrid future and the role that identity and access management has to play in in reducing complexity and creating secure, frictionless digital experiences for your organisation and customers.


Embrace and enable secure dynamic working

The first opportunity is centered around embracing the new paradigm of dynamic work - where employees can transition freely between remote and office-based working.

Preparing for the future of dynamic work means building flexibility and empathy into your IT systems, bridging the physical and digital into a seamless experience that securely enable collaboration and productivity.

This can only be achieved by becoming end-user focused, so you know exactly how the systems and tools you are implementing are helping or hindering their workflow.

You start the journey to securing workforce experiences outside of the traditional perimeter by adopting zero trust. 

An identity centric zero trust approach to security is centred around giving the right people the right level of access to the right resources in the right context. And this access should be assessed continuously.

By centralising access controls you can secure access for your global workforce, while at the same time supporting your HR team by automatically onboarding and offboarding accounts. You can also free up time for your IT organisation by enabling self service password resets. Organisation wide efficiency can also be increased by incorporating a passwordless experience for your users.

Your hybrid IT estate may be complex, but a zero trust strategy, with its foundations built on identity, will help clear a path toward a simple and secure experience for your workforce.

Address technical debt and consolidate IT 

The next opportunity is the chance to future-ready your IT stack via consolidation.

During the pandemic, many technology purchases were made to serve (what we assumed at the time were) temporary needs. This rapid adoption of cloud-based SaaS services circumvented security policies and left little time for organisations to build a robust, long-term hybrid strategy. 

Now is the time to address any technical debt that has accumulated from these business continuity measures.  

Take inventory of current practices and consider where inefficiencies and vulnerabilities lie. Retire anything that has lost value and focus on how you can further secure and improve the tools and systems that you wish to keep.

Once you have your hybrid strategy back on track you can then focus on establishing a unified identity experience across your cloud and on-premise estate. This will allow you to provide an integrated environment with centralised access controls and efficient, uniform security policies across all of your systems.

End users will be able to access any app, at any time, from anywhere - using one set of credentials - no matter where it is hosted.

Build customer-centric digital experiences

The third opportunity is focused on building future-ready, customer centric digital experiences.

The increased consumerisation of digital experiences has shifted the expectations of both your customers and your employees.  The boundaries have been blurred and people now demand seamless, user friendly experiences, whether at work or in their personal life.

The role of IT is evolving from a cost centre to a business value driver. IT is expected to enable peers and business groups to accelerate innovation. If you are solely focusing on how you can enable and protect your employees, then you are missing out on a potentially lucrative business opportunity. These same principles need to be applied outside of IT, in the products and experiences being developed for customers.

While you can’t enforce zero trust in your customer experiences, you can still use identity to manage risk. Fraud is a big concern for customers, especially when it comes to ecommerce and the sharing of sensitive data like online banking or on government portals. 

You can secure and streamline these experiences by integrating authorisation and identity management with customer data. Protecting customers from account takeover, while enabling a seamless access for users, cultivates trust which can prove to be a valuable differentiator against your competition.


The world of hybrid IT is only getting more complex. However, in the opportunities explored above, identity emerges as the lynchpin, enabling you to securely bridge the physical with the digital at a time where your workforce and customers alike demand a seamless and flexible experience. 

To learn more about how identity can help you manage risk and adopt a more robust and comprehensive security posture, download your free copy of ‘The State of Zero Trust 2021’ report. We surveyed 600 global security leaders about their zero trust initiatives and discover how identity-driven mindsets are securing various user types regardless of their location, device, or network.