Wednesday, April 28

Identity Enablement

I just got out of a session led by The Burton Group's Kevin Kampman who made the point that the Identity Management conversation is changing. It can no longer be about technology. It needs to be about business needs. Don't ask what is the tool? Ask what problem are you trying to solve?

During Q&A, somebody made the point that currently, Identity Management is often mandated by the security team who is implementing it as a way to enforce secure practices and restrict access where appropriate. The business owners may not always have the right to choose where they're comfortable with increased risk and where they're not. Valid point.

I think Kampman's point, though, is that in a larger sense, as the industry moves into the cloud and becomes further distributed, Identity tools will be more about enablement rather than restriction. Identity Enablement tools such as Federation solutions will enable conversations and transactions to take place that haven't been possible in past (and current) models. So, the conversation starts with a business team that is looking to expand its capabilities rather than with a technology team who might be focused on specific tool sets.

To me, it's a whole different mindset than traditional enterprise Identity Management. And therefore, it's an entirely different conversation (not just a re-focusing of the existing conversation).

It will be an interesting decade for identity.


Matt Pollicove said...


I've got a real problem with this pronouncement, and I think most folks who come from the software and solution side of things will as well.

Years ago at MaXware we made the same pronouncement all the time. Particularly in our discussions of Synchronization vs. Virtual Directory.

Software is about solutions and if we are not providing them, then it doesn't matter what the technical background is.

I'm typically a big fan of Burton, but it bothers me when they (or any other big consulting/advisory outfit) state the very obvious and then it gets related as Gospel.


Matt Flynn said...

It sounds like you don't disagree but you see it as obvious and old news? Do you tend to agree with the idea that federation technologies are driven by a different set of business requirements than provisioning and access management solutions?

Matt Pollicove said...

Correct, it's old news and should be the rule of thumb for any IdM (or other Enterprise Technology) initiative.

Federation... don't get me started. Definitely a different set of requirements and if you are federating outside of your company there are (as you know) not only business requirements, but legal ones as well. It's most definitely a separate breed of project.

Matt Flynn said...

I pretty much agree re: 'rule of thumb', but Kevin is clearly not stupid. So, like you, I thought, 'don't we already know this?' and it led me to think about where Kevin is coming from.

I came up with two possibilities:

1. The audience for the talk is the TEC attendees, which is a highly technical group and almost entirely internal IT folks (based on a show of hands). So, while experienced IAM consultants know what it takes to have a successful project, it's entirely possible that THAT audience largely still thinks in terms of technology. Or at least tries to justify projects with technical-speak. The title of the session was 'Communicating the importance of identity infrastructure' so the point was made in the context of helping internal IT justify the costs.


Matt Pollicove said...

I guess that makes sense, but I thought today's IT folks are supposed to be more business aware, at the very least.

Given the topic of the talk, it certainly seems like a point to mention, but I don't know that it should be new news to anyone. The context you put it in seems to make it seem that this was the case.

Matt Flynn said...

2. He did talk a bit about our collective move to the cloud and a more distributed model. This is where I started thinking about what I've always felt was a paradox in our industry. The people working on OpenID and Cardspace were working on a very different problem set than enterprise identity management. I know they're related, but with different drivers.

So, I wondered if Kevin's talk was in part motivated by this move as if to say now that we're more outwardly focused, we can't start the justification discussion with "here are our systems and the associated technical components and challenges." We need to start with the business opportunities that can be realized. The difference being that today, companies are actually using cloud services and federation whereas a few years ago, it was more theoretical and often driven by a technology challenge.

Does that make sense?