Identity Management Success

Hello Everyone:

A topic that comes up quite often — and rightly so — is the role of Business Systems Analyst (BSA) within an Identity Access Management (IAM) Program. What is the right mix of skills? How much of the hiring decision should be weighted toward business acumen, light development (XML, web forms, etc.), and requirements management?

In short, the answer depends on your IAM Program, scope, organizational composition. Before I post a representative job description, some background is in order. First, an Identity BSA is not like the traditional BSA. A traditional BSA works more closely with the various lines of business to determine which each business needs, what it is currently doing, what it wants to be doing in the future, and other factors as required by the stakeholders. The BSA then collates the information, separating actual requirements from wish list, and subjective preferences. A process of synthesis continues until business requirements, and functional requirements have been collated and prioritized. Synthesis complete, the BSA hands the list off to the development or program team for development and implementation. (In the interest of time, I am paraphrasing to an extent, and not intending to in any way minimize the criticality of a traditional BSA.)

Where the traditional model breaks in the Identity World, is that now the developers themselves are stakeholders, often with dramatically needs from one another. Application teams have their own requirements for integrating their applications with the IDMS, or for consuming its services. Each individual application (which can number into the hundreds or even thousands for very large organizations,) requires its own analysis and requirements gathering project. The Identity BSA must address all requirements, of all audiences.

In short, the Identity BSA adds the dimension of detailed developer (and general Identity Management) knowledge to the level that he or she can do some light development work,, especially in the area of Business Process Management (BPM). What is vital, is that the Identity BSA can:

• Collect all information
• Synthesize actual requirements from subjective wish lists and “nice to haves”
• Synthesize Business Requirements from the whole
• Derive Functional Requirements from Business Requirements
• Document workflows and process in a visual model
• Document future state (”to be”) workflows in a visual model
• Derive User Acceptance Tests (UAT) from the Functional Tests
• Translate future state workflows into executable business process.

Sounds like a tough role to fill? It is. Compound the difficulty by the fact that really large Identity Programs may need several. To help ease the process, I am including a sample Identity BSA job description. The usual disclaimers apply - it is not comprehensive for all possible situations, and your mileage will vary. However, when used effectively as a guideline, the list can greatly facilitate the hiring, placement, and effectiveness of this very crucial resource.

Read the rest of this entry »

Hello Everyone:

Several people have written to us asking about our blog comment policy. In short, we have always required membership to the blog (traditionally requiring a database account) and for the account to be logged in before posting. Additionally, all comments are moderated, and most posts have not been comment-enabled by default.

Why such a restrictive policy? Primarily to protect our company, our readers, our content, and to reduce spam. (This is a company blog, not a private one.) That said, we are partially re-evaluating the formal membership policy and are providing a “back door” if you will, which allows readers to sign in directly, and have an account created on the fly. The secret? OpenID, and a fantastic plugin for enabling OpenID logins. Note: To use this “back door” you must have a valid OpenID. OpenID’s may be obtained several places, but two that we can recommend are MyOpenID and ClaimID. Once you have a valid and confirmed OpenID, you may use it to sign in to our blog and post your comments directly from the “Comments” link, at the bottom of all new posts. Once signed in with your OpenID, you will be able to update your profile online, via the WordPress interface.

OpenID login is available immediately, but will only apply to posts from 1/11/2007 onward. If demand warrants, we will enable comments for previous posts as well. All comments continue to be moderated.

Questions about commenting on our blog? Please send email, or post a comment.

Best regards,

Corbin H. Links, President
Links Business Group, LLC

Hello Everyone:

I told myself that I would not write a “predictions” column for 2007, but enough people have asked….so here goes. Before starting, let me preface the “predictions” by being completely open and honest about my perspective, and where it comes from. Identity Management per se, is primarily the purview of large companies and organizations. In other words, for the bulk of Identity Management “suites,” tools, and technologies on the market, there is little or no value to the small business or SMB market. Pieces of the suites - yes, complete suites - no. Think about that for a moment: without something difficult to manage (or a lot of something to manage,) there is little incentive to spend thousands or millions of dollars/euros/yen on large, complex Identity Infrastructure.

Identity Management is a necessity of both diversity and of scale. When companies start out, they tend to be “mono-platform,” perhaps choosing a certain platform direction such as Apple Macintosh, Windows, Linux, or UNIX. Or increasingly, smaller companies outsource some or all of their platform management to other companies. The companies invest in application “stacks” or “suites” that are specific to that platform. As the company grows, acquires other companies or becomes acquired, needs change. One size or platform no longer fits all, and the organization either organically, or by central mandate (often in the case of acquisitions, when multiple companies and cultures are suddenly thrust together and told to become a “cohesive, synergistic team,”) must start tying everything together.

As a company, we specialize in helping fix broken Identity Management Projects, evaluating vendors, separating fact from fiction, and building workable program/project plans that facilitate getting the job done right, and executing the plan. Because of this perspective, and what I see every day in the field, I view Identity not from the Identity Industry perspective, but from the client perspective. The consistent theme of both our business, and my blog posts, is practical, daily, Identity Management reality for the organizations that really use it and need it.

With any perspective, it is important to evaluate the source and understand motivations. Identity Management tool vendors or members of those organizations will present one perspective, user-centric advocates another, standards advocates yet another, industry analysts still another, and so on.

That said, here are my thoughts on Identity Management in 2007:

• 2007 will be more of an introspective year, and a “collect, organize, and synthesize” year.
  Many organizations began evaluations or full implementations of Identity Infrastructure (or IdMS) during calendar years 2005 and 2006. This move was driven largely by regulatory requirements, or what organizations perceive regulatory requirements to be. My position on Identity Management has always been that it is simply a collection of best practices bundled together in a reusable way, but best practices really do not matter much until people or companies are forced by external forces or adamant internal forces to implement them. During 2007, organizations will continue working on programs started in 2006. Those that are farther along, will begin the next phase of evaluations and research, which is to further integrate Identity Services into applications, infrastructure, and partner interactions.
• Suites will sell better than components, big vendors will grow bigger through Identity Management System (IdMS) sales
  Per my comments above, those that are implementing (or have implemented) Identity will focus on the integrated stack or “suite” approach. There are a number of reasons for this, primarily due to the incredible amount of consolidation in the Identity Management Space. No one wants to be stuck with a set of technologies that will be obsoleted in the coming years by time and attrition. An average lifecycle for full, end-to-end Identity implementation measures in the years for many, so it is important to buy right, and buy with confidence up front. Make no mistake: all the large Identity Vendors are maxed out with requests for resources, demonstrations, proof of concept work, training sessions, etc. This situation will increase as demand continues to increase.
• More Identity Management Programs will fail, or be re-evaluated/scoped
  As the IdMS installed base increases, so will the failure rate. Companies will tend to over promise, or scope their projects way too loosely due to regulatory, audit, and business pressures. Projects getting rushed, or attempting to include too much functionality in too short a time frame will falter.
• Companies will start talking more about Federation
  Please notice that I did say talking, not doing. For all the attention showered on Identity Federation, I do not expect the actual implementation numbers to jump dramatically in 2007. Those organizations that are far along with their current Identity Program, coupled with partners that are also far along in their program, will be the ones that do something about Federation. Keep in mind that by and large, Federation is an evolution of pure Access Management and control. Without a stable and moderately mature Access Management infrastructure, Federation cannot even begin to happen in a reasonable way.
• User-centricity will be flat or even go negative in the Corporate/Large Organization space
  I know user centricity is a great thing, and it is all the rage in the “blogosophere.” We all want simpler lives, fewer forms, more “single” sign on, company interoperability, more privacy, etc. But the reality is that companies by and large do not want it - certainly not for their internal employees, contractors, or extranetted business partners. Links Business Group, LLC formally supports OpenID and SAML for Federation and user centricity. However, Enterprise Identity and Access Management is all about control, management, compliance, auditing, reporting, ease of administration, ease of development, etc. Companies increasingly are tightening their definition of what a role is, and a person’s relationship to the role, to the organization itself, and to organizational partners and providers. Thus, Identity will continue to be much more about who the company thinks you are and wants to see, rather than who you think you are, and which details you decide you want to share with them. User centricity will remain in the purview of the techie and the advocate in 2007.
• Network Access Control (NAC) will grow — and will be of higher interest than pure Identity — in many organizations
  You have probably all read the stolen laptop, and data breach stories. I wrote about it a short time ago as well. Data loss, theft, and mismanagement is an increasing area of concern and has more immediate and dramatic impact on organizations than classic Identity Management. I cannot think of a single client that has not either evaluated or implemented some form of solution. What does this mean for Identity? It means that increasingly, NAC solutions will be tied together with IdM/IAM/IdMS solutions, to create more comprehensive and sweeping security infrastructure. Over time, NAC and IAM will converge at the management and policy level.
• SAML and WS-Security Federation Standards will both grow, and neither is going away
  This is the subject of an upcoming post, but for the “predictions” section, I am of the opinion that both have their place, both have ardent very large supporters and large real-world implementations, and neither is going away.
• That said, I believe that SAML will be bigger in overall Federation numbers
  Many moves afoot to integrate SAML into PHP and other languages, making it increasingly easier to deploy enterprise-grade Federation standards to web sites and portals. Of the user-centric initiatives, I think SAML will ultimately gain more traction due to its current and growing installed base, and due to the fact that most all organizations that do Federate, also have full SAML support in their solution.
• 2007 will see less consolidation in the Identity Vendor Space, and more concentration on integration, implementation, and ease of use
  Now that the large Identity Management vendors have made the bulk of their strategic acquisitions in 2005 and 2006, 2007 will see a greater concentration on delivering more value, features, and ease of use. The ease of use factor (or lack thereof) is one of the biggest stumbling blocks in Identity Management implementations. The vendor(s) that can offer greater ease of use, tighter integration among products in their suites, future proofing, and full standards support are the vendors that will win.
• Identity will have a positive net effect on application development
  Identity Management Programs drive other innovations and change. While I believe that 2007 will be a fairly “flat” year in terms of sweeping change, I am seeing a steady increase of new development and re-architecture efforts. An IdMS is a primary enabler and service layer, and for organizations that implement one, great economies of scale may be achieved.

There are my handful of predictions for 2007. I believe that in mid-2008 and 2009, Identity will have greater impact as an industry. Identity Management Suites will continue to mature, and by 2009, user centricity will see wider adoption as companies place Vista upgrades and infocard on their radar, coupled with greater SAML penetration in the Federation space. By the late 2008 time frame, most organizations will have an IdMS in place, some form of Network Access Control (NAC,) and begin to leverage those service layers to extend the functional areas of Federation and application development.

If you have questions or comments regarding the material above, or need assistance with your Identity Management Program, please contact Links Business Group, LLC at +1 877 769 8938, or send email.

Best regards,

Corbin H. Links, President
Links Business Group, LLC

Happy New Year from Links Business Group, LLC!

2006 was an exciting year in the Identity Management world, and 2007 is already shaping up to be even better. From all of us here at Links Business Group, LLC, a hearty thank you for the readership, and the positive feedback we have received from our blog, podcasts, and web site. We plan to offer even more content this year, and welcome the chance to be part of your Identity and Access Management plans for 2007.

Here are just a few of the things we have planned for 2007:

1. Expanded web site, including additional interactive facilities for our clients
2. “Interview the Experts” podcast series. We are excited about this one, as it gives us (and you) a chance to interact with some of the best minds in the business. As always, we will continue to focus our materials on the practical, every day reality of Identity Management and avoid the philosophical.
3. Expanded blog posting. We receive a lot of requests from clients and readers asking for more posts and expanded industry covered.
4. New Features and Articles
5. Expanded Small Business Identity Services
6. New Newsletter Format
7. And much much more…

As always, we welcome your comments and feedback. We may be reached at +1 877 769 8938, or via email.

Best Regards,
Corbin H. Links, President
Links Business Group, LLC