Your Move: What Can we Learn About Solving IAM Problems From the Classic Board Game Risk?

Written by Dustin Hoff
September 17, 2024

Key Data ca blog banner featured image RISK

I spent some time playing RISK with my kids last week while I was on vacation, and while I was immediately focused on conquering more territories and defending against attacks, I also considered what lessons the game holds for our industry. Winning at RISK requires a combination of diplomacy, patience, and commitment, and I believe each of these keys to success translates to the IAM world.

For the uninitiated, RISK is a classic strategy board game where players aim to conquer the world by controlling territories, strategically deploying armies, and engaging in battles against opponents. Through dice rolls and calculated decision-making, players navigate a complex landscape of alliances and conflicts, striving to expand their dominion and ultimately achieve global domination. It's a game that rewards tactical thinking, risk assessment, and the ability to adapt to ever-changing circumstances on the battlefield.

Sound familiar? The thrill of strategic thinking in RISK, where the movements of other players can be unpredictable, is akin to the world of IAM. In the face of uncertainty, strategic thinking, ongoing risk analysis, and adaptability in the face of continuous change are key. Read on for my three RISK-winning principles we can apply to implement successful IAM strategies in the field.

RISK Game Strategies for IAM 2

Diplomacy: Building Bridges, Not Walls

The first key to success in RISK and IAM is diplomacy, which helps understand the motivation of other players and build alliances. This is important in RISK so you know where to place your armies and when to attack. We usually call this “change management” in the IAM world, and it is essential to know your stakeholders, understand their priorities, and prioritize your project activities accordingly.

Patience: The Power of Incremental Progress

The next key to success is patience. During the game of RISK, it is important to build your capabilities and conquer at least one territory each turn, but you don’t want to overextend your army by taking too many territories all at once.

In the same way, a successful IAM program must deliver incremental business value on a regular basis, and a “big bang” implementation is almost never a good idea.

While it’s tempting to go big or go home, prioritizing the delivery of tangible business value at regular intervals minimizes disruption, allows for adjustments, and promotes an organizational culture of continuous improvement.

Commitment: Playing the Long Game

Commitment is the final key to success, and it is equally important in both RISK and IAM. A good game of RISK can take many hours, and there will be plenty of ups and downs as you win and lose territory. In the same way, a complex IAM transformation doesn’t happen overnight, and commitment extends beyond the initial technology implementation. Successful IAM leaders commit to continuous application onboarding and rock-solid operations to improve user experience and reduce security risk across their organization.

From the Game Board to the Real World

As you navigate your way through these murky waters, consider how your teams can apply the lessons of diplomacy, patience, and commitment to your IAM initiatives. You can use these principles to guide your approach to project planning, vendor selection, and the critical ongoing operations that keep your IAM environment secure and effective.

Project Planning

Diplomacy in Action: Think of your stakeholders as the other players in a game of RISK. Before making any major moves, engage in open communication to understand their unique needs and concerns. This collaborative approach ensures the project aligns with broader organizational goals and fosters a sense of ownership, turning potential adversaries into allies.

Patience is Key: Resist the allure of a "big bang" implementation, just as you wouldn't try to conquer the entire RISK board in one turn. Break down your IAM project into manageable phases, prioritizing those with the highest impact or addressing critical security gaps. This measured approach minimizes disruption and allows for course corrections along the way.

Commitment Beyond Deployment: IAM is not a "set it and forget it" solution. Plan for ongoing improvement and adaptation. Establish clear metrics to track progress, regularly review and refine your IAM policies, and stay ahead of emerging threats and technologies. Steadfast commitment means continuously strengthening your defenses, just as you would fortify your borders in RISK.

Vendor Selection

Diplomatic Partnerships: Choose an IAM vendor who values collaboration and open communication. Look for a partner who actively listens to your needs, provides transparent insights, and is willing to work with you to tailor their solution to your unique requirements. Much like a strategic alliance in RISK, a true partnership can be the key to long-term success.

Patience in Due Diligence: Don't rush the vendor selection process. Take the time to research potential vendors thoroughly, request references, and seek evidence of successful implementations in organizations like yours. A patient and methodical approach increases the likelihood of choosing a vendor who can truly deliver on their promises.

Long-Term Commitment: IAM is a strategic investment, not a short-term fix. Choose a vendor who is committed to long-term support, product innovation, and staying ahead of evolving security challenges. Just as you need to adapt your strategy in RISK as the game progresses, you'll need an IAM partner who can grow with you.

Ongoing Operations

Open Communication: Foster a culture of transparency and open dialogue within your IAM team. Encourage team members to share ideas, voice concerns, and provide constructive feedback. This collaborative spirit, reminiscent of the negotiations and alliances in RISK, will lead to better decision-making and a more engaged team.

Continuous Learning: The IAM landscape is constantly changing. Invest in ongoing training and development for your team. Encourage them to stay abreast of the latest trends, technologies, and best practices. This ensures your IAM operations remain agile and effective in the face of new challenges, much like adapting your tactics in RISK as the game unfolds.

Adaptability: Be prepared to adjust your IAM strategies and tactics as your organization grows and changes. Regularly review and refine your policies, procedures, and technologies to ensure they remain aligned with your business objectives and security requirements. As in RISK, adaptability is key to staying ahead of the IAM game.

Winning the IAM Game

By embracing these three key principles — the very same principles that lead to victory in RISK— you can confidently navigate the complexities of IAM and construct programs that are not only resilient and adaptable but also well aligned with your organizational goals. Much like the RISK board, the IAM landscape is ever-changing. You’re not going to win the game of IAM with swift conquests but by playing the long game strategically, fostering alliances, making calculated moves, and adapting to the evolving terrain.

KeyData supports businesses and organizations as they improve, maintain, and adapt their identity and access management strategy. Contact us today for a free consultation.

And if you haven’t played RISK, check it out – it is a timeless classic.

05 About the Author

Dustin Hoff, Chief Executive Officer
[email protected] | Connect on LinkedIn

Dustin is a seasoned executive with more than two decades of experience in digital identity and cybersecurity industry. He combines extensive industry experience with a deep understanding of identity security trends and leading practices.

Subscribe to keep up to date on Identity Security developments,
upcoming events, and webinars.