Friday, February 19

Next Generation IDaaS: Moving From Tactical to Strategic

Today, I posted a blog entry to the Oracle Identity Management blog titled Next Generation IDaaS: Moving From Tactical to Strategic. In the post, I examine the evolution of IDaaS and look toward the next generation of Enterprise Identity and Access Management. I believe that the adoption of IDaaS by enterprises has typically been a reactive, tactical response to the quick emergence of SaaS (and the associated loss of control). The next generation of IDaaS will be more strategic and carefully planned to better meet evolving enterprise requirements.

Note that I'm not talking about the technology. Nor am I talking about consumer use-cases or developer adoption of outsourced authentication. In this post, I'm looking at IDaaS from the perspective of enterprise IAM and the on-going Digital Transformation.

Here are a few quotes that capture the essence:
First generation Identity as a Service (IDaaS) was a fashion statement that’s on its way out. It was cool while it lasted. And it capitalized on some really important business needs. But it attempted to apply a tactical fix to a strategic problem.

Security functions are coalescing into fewer solutions that cover more ground with less management overhead. Digital Enterprises want more functionality from fewer solutions.

The next generation of IAM is engineered specifically for Digital Business providing a holistic approach that operates in multiple modes. It adapts to user demands with full awareness of the value of the resources being accessed and the context in which the user is operating. Moving forward, you won’t need different IAM products to address different user populations (like privileged users or partners) and you won’t stand up siloed IDaaS solutions to address subsets of target applications (like SaaS).

Next generation IDaaS builds on all the promises of cloud computing but positions itself strategically as a component of a broader, more holistic IAM strategy. Next-gen IDaaS fully supports the most demanding Digital Business requirements. It’s not a stop-gap and it’s not a fashion statement. It’s an approach enabling a new generation of businesses that will take us all further than we could have imagined.

2 comments:

Amar Tejaswi said...

Very insightful post on the evolution of Identity and Access Management systems. You pointed out that the basic role of IAM is shifting from "one of defense-and-control to one of enablement." But isn't enablement the mandate of an IAM system that is for external users, or what is now called Customer IAM? Wouldn't this mean that there is a sort of convergence between traditional IAM and Customer IAM? Or is it just that traditional IAM is becoming more user friendly due to organizational and employee pressures?

Matthew Flynn said...

Hi Amar,

Thanks for the questions. First, I stated early in the post that I was primarily talking about enterprise IAM requirements rather than consumer scenarios. But, since you asked about customer or consumer IAM, here's what I'd say:

I don't think the distinction between enterprise and consumer matters as much as some vendors want you to think. My point was that the types of rules we put in place have traditionally been more obstructive in nature. We were trying to prevent people from accessing sensitive things. The on-going shift to Digital Business includes a shift in IAM to be more open. Grant first, but with controls in place. Perform security checks without the user noticing. Force strong authentication only when necessary. And these requirements may apply in both enterprise and consumer scenarios, depending on the organization's requirements.