Earl Perkins

Another sign of the maturation of the IAM industry in terms of available products/services and use is the renewed interest by customers in supporting multiple component IAM technologies. There are a number of reasons for this, but the most common I see now is economics. Customers would prefer to work with what they have to the extent they can, and if it means mixing a Tivoli Access Manager with an Oracle Identity Manager, so be it. Mergers and acquisitions have brought together companies with different IAM solutions, thus the issue arises of either migrating the acquired to the acquirer’s IAM solution, or learning quickly about coexistence. Interestingly enough, we’ve been here before, haven’t we? In the “old” days we used to talk about whether suites or best-of-breed solutions were the best for enterprises. It appears for many that the answer has been forced on them by necessity.

Well OK, this issues appears obvious– so what? I believe this is going to be a big issue for both vendors and customers, since it isn’t exactly like best-of-breed when the decision is forced upon you or economics demand you deal with what you have. Instead, it becomes an issue of optimization. One way to view this is to break down IAM into some basic component views. If I look across the spectrum of IAM offerings, what are some consistent characteristics they all seem to possess?

User experience: There is some kind of interface between a human and all of the things the IAM system can do. To the extent you can have business and IT process needs guide the user experience implementation, you have a greater chance of exploiting multiple user experience offerings from different IAM vendors. Look for the similarities, emphasize and exploit them, rather than complain about the differences.

Reporting: There are almost too many ways to deliver IAM output in the form of reports. Some consistency in frequent customer demands from the days when it was done manually can provide some guidance in packaging report ’sets’ for issues like compliance, performance and trouble-shooting. Look at any multiple-component IAM system in the context of those sets rather than what the products may deliver;

Integration: Now that’s a loaded term, isn’t it? There are a number of definitions for integration, but let’s keep it simple here. There’s the integration of the technology from component to component (e.g. directory to web access, say) and there’s the integration of IAM into the IT and business process through business process management, for example. Gartner is a big fan of the latter, and doesn’t place nearly as much relevance on the former as vendors do. That is a polite way of saying that ‘integration’ in the traditional sense in IAM suites is overrated. That doesn’t mean that it won’t be valuable in the long-term if a common set of middleware or program ‘platform’ for IAM components can reduce costs and do things like make the user experience and reporting we mentioned above more uniform, but in today’s world necessity is the mother of invention. Vendors have little choice but to integrate with their competitor IAM components at least as well as their own if they want to have a chance in an economically-constrained and pragmatic customer world.

Workflow: Most IAM component technologies have some kind of workflow associated with them to help them automate specific processes or procedures in an identity’s lifecycle. Of all of the characteristics of IAM solutions, customers ask about this one more than the rest, i.e. can they use some established service management workflow for their IAM automation needs rather than the one provided by IAM vendors. While there may be some differences in the way workflow is provided among the components, it’s evident that (a) a more common ‘integrated’ workflow offering addressing multiple component needs is necessary and (b) the flexibility to allow an existing business process workflow solution where possible is a requirement in the pursuit of reusability and economy. Does this contradict the argument I just made about integration being overrated? No, because we’re talking about the macro requirement of workflow across multiple IAM components, not the integration of those individual workflows within each component.

There are undoubtedly other “macro” characteristics of IAM solutions that I have not identified, and I would be happy to hear from you as to your opinion on what they are. Future Gartner research will no doubt explore this in more detail, if for no other reason that to talk about “meta”-IAM solutions (an overlay to multiple existing IAM solutions to allow them to work together rather than replace them) or to pinpoint the future home of major IAM capabilities as IAM continues to mature.