The Problems With Identity & Access Management
I am never a fan of being the bearer of dramatic bad news - "this industry is dead!", "that standard is dead!", "why are you doing it that way, that is so 2001!". Processes, industries and technologies appear, evolve and sometimes disappear at their own natural flow. If a particular problem and the numerous solutions are under discussion, it probably means at some point, those solutions seemed viable. Hindsight is a wonderful thing. With respect to identity and access management, I have seen the area evolve quite rapidly in the last 10 years, pretty much the same way as the database market, the antivirus market, the business intelligence market, the GRC market and so on. They have all changed. Whether for the better or worse, is open for discussion, but in my opinion that is an irrelevant discussion, as that is the market which exists today. You either respond to it, or remove yourself from it.
Like most middleware based sectors, identity and access management has become a complex, highly optimized monster. Tools on top of tools, to help you get the most out of tools you purchased long ago and sit at the bottom of the stack. Projects are long and complex. Milestones blurred. Stakeholders come from different spectrums of the organisation, with differing goals and drivers. Vendors have consolidated and glued together complex suites of legacy solutions, built on different frameworks and with different goals in mind. The end result? A confused customer and a raft of splinter point products that claim to offer speed and cost improvements to existing 'legacy' solutions.
The Modern Enterprise
I blogged recently about the so called 'modern' enterprise, and how it has evolved to include facets from the mobile, social and outsourced worlds. Organisations have faced tremendous issues since 2008 when it comes to profitability, with shrinking markets, lower revenues and more stringent internal cost savings. All of which, have placed pressure on identifying new and more effective revenue streams, either from developing new products faster, or by extracting more revenue from existing customers, by leveraging company brand and building better, more online focused relationships. All of these avenues of change, rely heavily on identity management. Firstly, by allowing things like online client registration to occur rapidly and seamlessly, right through to allowing new approaches such as mobile and cloud to be integrated into a single revenue focused platform.
Gone are the days when identity management was simply focused on managing employee access to the corporate directory and email server. Organizations are now borderless, with a continually connected workforce. That workforce is also not simply focused on employees either. The modern enterprise workforce, will contain contractors, freelancer and even consumers themselves. Bloggers, reviewers, supporters, promoters, content sharers and affiliates, whilst not on the company payroll, help drive revenue through messaging and interaction. If a platform exists where their identity can be harnessed, a new more agile go to market approach can be developed.
Scale, Agility and Engagement
But what does this all mean practically? New widgets, more sprockets and full steam ahead on the agitator! Well not quite. It does require a new approach. Not a revolution but evolution. Modernity in all levels, seems to mean big. Big data. Big pipes. Big data centres. Scale is a fundamental component of modern identity. Scale, too can come in many different flavours. Numbers yes. Can you accommodate a million client registrations? What about the process, flows and user interfaces that will be needed to manage such scale? Modularity is key here. A rigid, prescribed system will result in a rigid and prescribed service. Flexibility and a loosely decoupled approach will allow system and user interface integration in a much more reusable way. Languages, frameworks and standards are now much less about vendor sponsorship and much more about usability and longevity. Modern identity is really about improving engagement, not just at the individual level, but also at the object and device level. Improved engagement will result in better relationships and ultimately more informed decision making.
Ultimately economics is based fundamentally on clear, fully informed decision making, and if a modern enterprise can develop a service to fully inform and engage its client base, new revenue opportunities will sharply follow.
Originally Posted on Infosec Professional