How to Build a Roadmap for Identity and Privileged Access Maturity


In the realm of technology-driven progress, an identity and privileged access management roadmap provides focus on what truly matters amidst the whirlwind of possibilities. A well-crafted roadmap distills complex technological strategies into a concise framework of pivotal actions. It's not about mere planning, but about assembling a sequence of disciplined steps that propel an organization forward with sustained momentum. The IAM/PAM roadmap requires a blend of disciplined thought and action to transform your organization’s technological ambitions into tangible results. 

Watch our on-demand webinar about "How to Build a Roadmap for Identity and Privileged Access Maturity", recorded during our third annual Power Of One Conference.  

Presented with our partner, Idenhaus, we delve into a complete overview of how organizations can assess, enhance, and optimize their strategies, linking their teams toward common goals and corporate objectives to achieve enhanced maturity and security excellence.

Key Highlights 

  • Introduction to Identity and Privileged Access Maturity Model: Gain a solid foundation of the core principles behind the identity and privileged access management maturity model. Learn how this model can help organizations evaluate their current state and set clear goals the team can get behind for improvement. 

  • The Evolution of Cyber Threats: Understand why robust identity and privileged access strategies are essential to mitigate risks associated with data breaches, insider threats, and cyberattacks. 

  • Stages and Benefits of Maturity: Explore stages of identity and privileged access maturity, encompassing key components, best practices, and technologies for each stage. Realize the organizational advantages of a mature framework, including improved compliance, operational efficiency, and reduced breach risks. 

  • Assessment and Implementation Strategies: Uncover effective strategies for assessing your organization's current identity and privileged access maturity level. Learn how to identify gaps and prioritize improvements. Our experts will also discuss practical approaches to implementing changes that align with your organization's goals and resources. 

  • Building a Roadmap: A skillful roadmap simplifies the intricate technological strategies into a focused framework of crucial steps for your team to follow. It's a process beyond planning that becomes an orchestration of a series of deliberate identity and privileged access management actions that guide your organization. It requires thoughtful, systematic thinking and execution that turns your technology into tangible security achievements. 

  • Q&A Session: Engage directly with our panel experts during a live Q&A session. Get answers to your specific queries and gather valuable insights tailored to your organization's unique needs. 


Bart Allan

COO, Bravura Security

Ensuring customers achieve their ultimate desired outcomes in their identity and privileged access management programs is Bart’s key motivation. Bart oversees Customer Support, Professional Services, SaaS Operations, and Customer Education and works closely with the Engineering, Quality Assurance, and Sales teams to continuously improve customer experience through improvements to the product, services, and customer-facing processes and practices. Bart has been with Hitachi ID for over 6 years, has extensive experience in identity and privilege access management, and over 10 years in the IT industry. 

Hanno Ekdahl

Founder, Idenhaus

Hanno is the founder of Idenhaus, which has clients in financial services, CPG, healthcare, retail, manufacturing and local and federal governments. Hanno and the Idenhaus team excel at helping organizations design and implement effective Identity Management and Cybersecurity programs by focusing on the importance of leadership and the linkage between business strategy and the organization’s security goals. 

Hanno began his career at Novell Consulting, initially working as a strategist and later as a services principal. His focus on generating meaningful and measurable client successes at Novell earned him the prestigious President’s Award, an honor reserved for the top 2% of performers in the company. 

Prior to Idenhaus, Hanno was the co-founder of a management consulting firm where he received the US Army Commander’s Award for Public Service in recognition of his efforts that revolutionized and transformed the Army’s security clearance process. As a result of this project, the Army was able to reduce the time required to obtain a security clearance by 80% via a centralized, standardized and automated process for these clearance requests. 

Hanno received his Masters in International Business from the Moore School of Business and an undergraduate degree from the University of North Carolina – Chapel Hill. He was also a Fulbright Scholar at ETH Zurich, one of the world’s top 5 universities in engineering, science and technology. 

Ronald Bowron

Director IAM/IGA, Bravura Security

Ron Bowron has an affinity for problem-solving with new ideas and strategies. His ability to coordinate resources through complex and sometimes chaotic business processes to build viable, valuable solution frameworks has been the cornerstone of his career. 

Ron has worked with small, large and global organizations to solve complex business issues. He has years of experience with Identity Governance and Access Management solutions, Industry Standards (ITIL, ISO, EDI, HL7, SAML, OAuth, OpenId), and regulatory compliance with HIPAA/HITECH. Before returning to the IGA/IAM technologies, he worked in the field of Master Data Management as the Master Person Indexing (MPI) product manager utilizing advanced probability matching algorithms (AI, NLP), rules and remediation workflows as well as bio-metric authentication technologies to uniquely identify a single person among tens of millions of records and hundreds of contributing sources. 

Ron received a Bachelor of Science in Business Information Technology Management from Western Governors University (WGU), is a contributing author to HIMSS/IHE ITI Profiles, and has received acknowledgments of achievement from his former employers such as Novell (aka MicroFocus) and Dell. He is a former member of the Dallas Toastmasters International and is an active member HIMSS and DFW-HIMSS organizations. 


Identity and Privileged Access Management (IPAM) is essential to keep your business compliant with ever-changing regulatory requirements. Additionally, cyber threats are continuously evolving. This makes a robust IPAM program crucial for mitigating risks like insider threats, cyberattacks and data breaches.

Unfortunately, many companies approach IPAM as an “IT-only” effort, leaving out business stakeholders. Weak business alignment makes it difficult to gain buy-in to both fund and adopt the solution. If you're looking to strengthen your IPAM program and make it more of a team effort, we've created this guide to help you along.

The Complexity of IPAM

IPAM is more complex than many organizations realize — it affects nearly everything and everyone. Because there are so many projects for business stakeholders, it can be challenging to manage project scope.

For this reason, it's important not to underestimate the complexity of IPAM. It involves input from nearly all aspects of your business, including:

  • Business capabilities: The Identity Governance Program must ensure business drivers align with business capabilities. That way, you can measure, monitor and manage these capabilities to see how they affect business value.
  • Functional operations: Are the policies, standards and procedures established, documented and aligned with the skill sets within your program?
  • Actors: Does the program include all necessary tools, automation and resources to be successful? Additionally, consider whether you can manage the identified capabilities in-house or if you should outsource them.
  • Identity life cycle: Think about what identity types you are managing. Do they have defined service level agreements that align with their development, provisioning and de-provisioning of access? How well is your company working toward and achieving the anticipated outcomes?

Program Maturity Scoring Model

It's important to tailor IPAM maturity scoring models to different organizations, as each one is unique. You'll also want to communicate the maturity model's scale and metrics throughout the entire company.

Breaking up the model into different levels can make it easier to ascertain your organization's IPAM and make adjustments as necessary. However, keep in mind that too many levels can complicate the ability to differentiate meaningful improvements. Similarly, too few levels can hinder your ability to differentiate meaningful progression.

Bravura Security's IPAM Self-Assessment

Let's look at Bravura's self-developed assessment tool that helps organizations compare their IPAM against those of their industry peers. We partnered with Gartner and surveyed over 100 businesses to determine the maturity of their IPAM programs.

Our current IPAM Self-Assessment uses a 0-4 level maturity model:

  • Level 1: Fragmented Identity Indicators
  • Level 2: Unified IAM Indicators
  • Level 3: Contextual Indicators
  • Level 4: Adaptive Indicators

The average overall IPAM maturity of the surveyed organizations is 2.33 out of 4. The Idenhaus Full-Service IAM Strategy & Roadmap involves a 0-5 level maturity model and entails a wider set of domains.

How to Self-Assess Your Company's IPAM

By taking our self-assessment and partnering with one of our specialists at Bravura Security, you can identify the effectiveness of your current IPAM program. You can also discover opportunities for improvement. We suggest the following steps as a guide:

  1. Self-assessment: Use our five-minute self-assessment tool to benchmark your IPAM program against those of your industry peers.
  2. In-depth review: Review the data with one of Bravura Security's specialists to investigate strengths and vulnerabilities.
  3. Program and roadmap development: Work with our professional services team and integrator partners to develop a comprehensive IPAM program, reinforcing your strengths and addressing your areas of weakness.

Our Flexible Maturity Model

Quantitatively assessing your company's maturity is critical. Here are the scores we use and what they indicate:

  • 0: Nonexistent/Unprepared
  • 1: Initial/Ad-Hoc
  • 2: Defined/Tracking/Foundational
  • 3: Measured/Managed
  • 4: Structured/Policy-Driven/Proactive
  • 5: Optimized/Innovative/Anticipatory

The Benefits of Our Maturity Scoring Assessment

Having a means of self-assessing your IPAM efforts offers a multitude of advantages. Here are some benefits of our maturity scoring strategy:


  • Multiple domains: Our self-assessment tool looks at several domains, such as data quality, security management, password management, reporting and event analytics. These aim to give you the most accurate, reliable and exhaustive score possible.
  • A holistic view of your operations: By exploring a broad range of domains and areas, you can see a more comprehensive view of your organization and improvements that are in order.
  • Measurable metrics: Quantitative and qualitative metrics can help you visualize priorities and improvement opportunities for your IPAM roadmap.
  • Visually actionable: Our self-assessment resources make it easy to visualize IPAM improvement opportunities for your business. You can organize the opportunities for each category or domain into a bubble chart for a seamless view of how each one measures up.

The ability to score your IPAM program maturity can pave the way to creating an effective strategy and roadmap. That begs the question — how exactly do you convert these improvement areas into actionable initiatives?

Prioritizing Opportunities to Mature and Developing a Strategic Roadmap

When evaluating the results of your maturity scoring assessment, you can restate every issue or weakness you identify as an opportunity. Additionally, you can assign specific metrics to each opportunity in terms of business value and complexity.

Generally, business value is easier for organizations to collect. However, complexity requires experience in dealing with the opportunity, ensuring you don't underestimate its complexity.

We encourage you to use the following steps to build out your strategic roadmap:

1. Opportunity Charting

You can place the opportunities for each domain into a bubble chart to quickly see how they measure up. The qualitative and quantitative metrics you gather can help you visualize priorities and improvement areas. Essentially, the bubble charts group these priorities into a functional matrix and lay the groundwork for gaining buy-in.

2. Functional Matrix

We use a functional matrix to prioritize opportunities within capabilities. The functional matrix supports the categories as “swim lanes” within the IPAM program. It organizes the opportunities in priority order within their respective swim lane.

3. Strategic Roadmap

You can begin your roadmap efforts after laying out the functional matrix. Our depicted roadmap shows how it helps with prioritization, milestones and dependencies. The information is conveniently available to map out anytime, whether you're looking to create a 30-60-90 day, quarterly or annual roadmap.

Are you ready to get started? Head over to our Self-Assessment tool and the Idenhaus Full-Service IAM Strategy & Roadmap today.


Learn More About Enriching Your IPAM Program With Bravura Security

At Bravura Security, we deliver efficient identity management, privileged access and password management capabilities all in one powerful software. Partnering with our team is an excellent step in upgrading your organization's IPAM strategy.

Want to learn more about how Bravura Security can help you develop a successful IPAM roadmap? Request a demo of our software or contact us with questions today. We look forward to working with you!