Identity Access Management “Predictions” for 2007
January 11th, 2007 by Administrator
Hello Everyone:
I told myself that I would not write a “predictions” column for 2007, but enough people have asked... so here goes. Before starting, let me preface the “predictions” by being completely open and honest about my perspective, and where it comes from. Identity Management, per se, is primarily the purview of large companies and organizations. In other words, for the bulk of Identity Management “suites,” tools, and technologies on the market, there is little or no value to the small business or SMB market. Pieces of the suites - yes, complete suites - no. Think about that for a moment: without something difficult to manage (or a lot of something to manage), there is little incentive to spend thousands or millions of dollars/euros/yen on large, complex Identity Infrastructure.
Identity Management is a necessity of both diversity and of scale. When companies start out, they tend to be “mono-platform,” perhaps choosing a certain platform direction such as Apple Macintosh, Windows, Linux, or UNIX. Or increasingly, smaller companies outsource some or all of their platform management to other companies. The companies invest in application “stacks” or “suites” that are specific to that platform. As the company grows, acquires other companies or becomes acquired, needs change. One size or platform no longer fits all, and the organization either organically, or by central mandate (often in the case of acquisitions, when multiple companies and cultures are suddenly thrust together and told to become a “cohesive, synergistic team,”) must start tying everything together.
As a company, we specialize in helping fix broken Identity Management Projects, evaluating vendors, separating fact from fiction, and building workable program/project plans that facilitate getting the job done right, and executing the plan. Because of this perspective, and what I see every day in the field, I view Identity not from the Identity Industry perspective, but from the client perspective. The consistent theme of both our business, and my blog posts, is practical, daily, Identity Management reality for the organizations that really use it and need it.
With any perspective, it is important to evaluate the source and understand motivations. Identity Management tool vendors or members of those organizations will present one perspective, user-centric advocates another, standards advocates yet another, industry analysts still another, and so on.
That said, here are my thoughts on Identity Management in 2007:
- 2007 will be more of an introspective year, and a “collect, organize, and synthesize” year.
Many organizations began evaluations or full implementations of Identity Infrastructure (or IdMS) during calendar years 2005 and 2006. This move was driven largely by regulatory requirements, or what organizations perceive regulatory requirements to be. My position on Identity Management has always been that it is simply a collection of best practices bundled together in a reusable way, but best practices really do not matter much until people or companies are forced by external forces or adamant internal forces to implement them. During 2007, organizations will continue working on programs started in 2006. Those that are farther along will begin the next phase of evaluations and research, which is to further integrate Identity Services into applications, infrastructure, and partner interactions.
- Suites will sell better than components, big vendors will grow bigger through Identity Management System (IdMS) sales
Per my comments above, those that are implementing (or have implemented) Identity will focus on the integrated stack or “suite” approach. There are a number of reasons for this, primarily due to the incredible amount of consolidation in the Identity Management Space. No one wants to be stuck with a set of technologies that will be obsoleted in the coming years by time and attrition. An average lifecycle for a full, end-to-end Identity implementation is measured in years for many, so it is important to buy right, and buy with confidence up front. Make no mistake: all the large Identity Vendors are maxed out with requests for resources, demonstrations, proof of concept work, training sessions, etc. This situation will increase as demand continues to increase.
- More Identity Management Programs will fail, or be re-evaluated/scoped
As the IdMS installed base increases, so will the failure rate. Companies will tend to overpromise, or scope their projects way too loosely due to regulatory, audit, and business pressures. Projects that are rushed, or that attempt to include too much functionality in too short a time frame, will falter.
- Companies will start talking more about Federation
Please notice that I did say talking, not doing. For all the attention showered on Identity Federation, I do not expect the actual implementation numbers to jump dramatically in 2007. Those organizations that are far along with their current Identity Program, coupled with partners that are also far along in their program, will be the ones that do something about Federation. Keep in mind that by and large, Federation is an evolution of pure Access Management and control. Without a stable and moderately mature Access Management infrastructure, Federation cannot even begin to happen in a reasonable way.
- User-centricity will be flat or even go negative in the Corporate/Large Organization space
I know user centricity is a great thing, and it is all the rage in the “blogosphere.” We all want simpler lives, fewer forms, more “single” sign on, company interoperability, more privacy, etc. But the reality is that companies by and large do not want it - certainly not for their internal employees, contractors, or extranetted business partners. Links Business Group, LLC formally supports OpenID and SAML for Federation and user centricity. However, Enterprise Identity and Access Management is all about control, management, compliance, auditing, reporting, ease of administration, ease of development, etc. Companies increasingly are tightening their definition of what a role is, and a person’s relationship to the role, to the organization itself, and to organizational partners and providers. Thus, Identity will continue to be much more about who the company thinks you are and wants to see, rather than who you think you are, and which details you decide you want to share with them. User centricity will remain in the purview of the techie and the advocate in 2007.
- Network Access Control (NAC) will grow — and will be of higher interest than pure Identity — in many organizations
You have probably all read the stolen laptop and data breach stories. I wrote about it a short time ago as well. Data loss, theft, and mismanagement are an increasing area of concern and have more immediate and dramatic impact on organizations than classic Identity Management. I cannot think of a single client that has not either evaluated or implemented some form of solution. What does this mean for Identity? It means that increasingly, NAC solutions will be tied together with IdM/IAM/IdMS solutions, to create more comprehensive and sweeping security infrastructure. Over time, NAC and IAM will converge at the management and policy level.
- SAML and WS-Security Federation Standards will both grow, and neither is going away
This is the subject of an upcoming post, but for the “predictions” section, I am of the opinion that both have their place, both have ardent, very large supporters and large real-world implementations, and neither is going away.
- That said, I believe that SAML will be bigger in overall Federation numbers
Many moves are afoot to integrate SAML into PHP and other languages, making it increasingly easier to deploy enterprise-grade Federation standards to web sites and portals. Of the user-centric initiatives, I think SAML will ultimately gain more traction due to its current and growing installed base, and due to the fact that almost all organizations that do Federate also have full SAML support in their solution.
- 2007 will see less consolidation in the Identity Vendor Space, and more concentration on integration, implementation, and ease of use
Now that the large Identity Management vendors have made the bulk of their strategic acquisitions in 2005 and 2006, 2007 will see a greater concentration on delivering more value, features, and ease of use. The ease of use factor (or lack thereof) is one of the biggest stumbling blocks in Identity Management implementations. The vendor(s) that can offer greater ease of use, tighter integration among products in their suites, future proofing, and full standards support are the vendors that will win.
- Identity will have a positive net effect on application development
Identity Management Programs drive other innovations and change. While I believe that 2007 will be a fairly “flat” year in terms of sweeping change, I am seeing a steady increase of new development and re-architecture efforts. An IdMS is a primary enabler and service layer, and for organizations that implement one, great economies of scale may be achieved.
Those are my handful of predictions for 2007. I believe that in mid-2008 and 2009, Identity will have greater impact as an industry. Identity Management Suites will continue to mature, and by 2009, user centricity will see wider adoption as companies place Vista upgrades and infocard on their radar, coupled with greater SAML penetration in the Federation space. By the late 2008 time frame, most organizations will have an IdMS in place, some form of Network Access Control (NAC), and begin to leverage those service layers to extend the functional areas of Federation and application development.
If you have questions or comments regarding the material above, or need assistance with your Identity Management Program, please contact Links Business Group, LLC at +1 877 769 8938, or send email.
Best regards,
Corbin H. Links, President
Links Business Group, LLC
Posted in Identity and Access Management