My colleagues in the Secure Business Enablement team here a Gartner welcome you to the Identity and Access Management (IAM) Blog! We hope this can serve as a conversational forum for some of the big issues happening in IAM and related areas, such as governance, risk, and compliance (GRC) and even further afield. While you see this under my name, there will be frequent guests from my colleagues that have views, opinions, or comments to make about our research.
In fairness to you, I have had access to the Gartner Blog Network for some time, but I haven’t availed myself of the privilege. I resisted the idea internally because, being an old guy, I was irritated about the proliferation of what I viewed as useless acronyms (like blog). My colleagues are constantly amused about my rants on this topic, particularly when Gartner is the biggest offender at introducing yet more acronyms into the business (e.g. SOA), but still it can occasionally create confusion among customers. Oh well, it’s a tide too big to fight, and an acronym index must have a reason to live.
In an event, here we are. The topics that we will introduce will naturally center around the IAM business– the market, the practices, the strategies. IAM remains a pretty hot topic among our clients. We get literally hundreds of inquiry calls a month, not only from clients but vendors, service providers, resellers– all in the IAM business in one way or another. At least some of them think they are. Both you and Gartner have no doubt had long discussions in the past about what actually constitutes being in the IAM business, so I’m hoping that is something that is fairly well understood. Just in case, I will repeat a simplified definition of IAM my colleague Ant Allan introduced some time back to serve as a starting point for us:
” A set of processes and technologies to manage user digital identities, their relationship to civil identities, and users’ access to systems and information”.
Ah, that covers quite a bit, doesn’t it? It allows a lot of vendors to claim a presence in a market to help customers with IAM, and a lot of analysts to claim they’re IAM analysts. I often think of IAM (at least the ‘human’ part of it) as a means to create personas or avatars in the digitial world to represent you, taking care of them, and using them. Maybe that’s a consumer-ish or social networking-ish view of IAM, but it works for me. For vendors, the beauty of IAM is that you can make money from just about any part of it– defining the digital identity (i.e. the events that take place to ‘prove’ you’re really the person using that digital representation of you, building the actual digital persona, and keeping track of all of that) and using the identity to get to stuff (i.e. access). We use some pretty fancy words and presentations to describe the details, but that’s the essentials.
To close this introduction, it’s important to let you the reader know that it is our intent here to try to add real value to your decision-making when it comes to IAM. While we recognize the power of marketing and sensational stuff (I’m a fan of action movies with lots of things that blow up), I regret to tell you that sensationalism isn’t usually my forte when it comes to topics like IAM. As I said in a presentation this year, IAM is in my ways a lot like plumbing, and the only time plumbing is truly exciting is when it doesn’t work.
That means that you’ll seldom see eye-catching or gripping titles to try and attract you to read what’s in the blog. We’re going to do our best to inform you, and we’ll work hard not to make it dull, but first and foremost it’s about the customer, not the hits on the blog. If we can provide good observations to generate conversation in a forum like this that helps one person or company, it’s worth the effort.
Having given that disclaimer— buckle your seatbelt.