Earl PerkinsI’m sorry– it has been a week since the last entry. I had the gall to take some time off from our exciting adventures in IAM, and being an old guy I actually took the time.
Before doing so, though, many of us (including my colleagues in other analyst firms) attended the CA Analyst Symposium this past week in Ottawa. This represents a series of symposia that have been occurring over the last 8-12 weeks with CA’s competition as well: Novell, Oracle, Sun, IBM, Courion to name a few. When you first become an analyst, you really debate about whether or not to attend these events, since it’s important to keep an arm’s length from vendors to be objective about them for customers. But it’s also important to know as much about them as possible, trusting in your “marketing filter” (some call it another kind of filter) to get to essential messages about roadmap, architecture, changes in market approach, successes and failures. The events sometimes take longer than they need to take ( I think vendors keep us there hoping by osmosis or device implantation they can affect research results), but they remain valuable sources of information.
The symposium this week made me realize some important facts about the IAM vendors and their efforts today, considering the current economic climate.
1- Most are doing better than the ‘average’ IT provider. They continue to sell, though the decision periods for sales have grown longer, many of their sales are smaller, and large sales are broken up over longer periods during implementation. They continue to develop new features and issue releases, continue to form service partner alliances, continue in their plans, and remain optimistic about their market and their own efforts. One vendor characterized working in today’s economy as “going up a down-elevator– if you can remain at parity, you’re doing well”. Most are at parity. Some are suffering. As you watch the law of the jungle play itself out, you can spot those not doing so well;
2- Most have specific campaigns for “recession purchasing”, i.e. either some discounting or an intensive focus and emphasis on what I call “success practices” rather than best practices, those lessons learned about using existing systems to their fullest potential and helping customers truly build cost justification in their proposals to management for IAM purchases. They are establishing training and guidance for IAM operations, recommending rapid implementation activities for deployment of new systems, delivering formal and thorough migration plans for moves from one IAM vendor’s implementation to their own. As we’ve stated here before, this is a sign of the maturation of this discipline;
3- Most are already looking ahead to the end of the recession, or at least its moderation. There is more focus on industry-specific requirements and services-based options, hybrid solutions, cheaper alternatives for specific IAM functions. I think that the consolidation in the industry with fewer vendors is beginning to affect longer-term plans of the remaining providers, allowing them to focus on tougher customer issues such as reliability and scale of implementations, accelerating business ease of use and relevance to the business directly.
Does this mean that the surviving IAM vendors are out of the woods now and everything’s ok? Oh no. The depth and duration of the recession can upset the most significant, detailed plans. The constant shift in alliances and ownership can wreck a well-crafted approach to competitive moves. But that’s what makes this an interesting field to work in and watch– eh?
Category: Uncategorized Tags:
1 response so far ↓
1 Ed King July 21, 2009 at 7:35 pm
Earl,
As the IAM market keeps on maturing, and most companies have some shapes and form of IAM investment, IAM vendors will have to pay more attention to competing against other security products for the limited CISO budget. IAM has the same challenge every other security product suffers from: the inability to develop a solid business model on the technology investment. Security based justification only goes so far in a mature market and can easily be overshadowed by the latest emerging technologies. For example, how does a CISO decide if DLP or IAM is more important? The vendors that figure out how to quantify IAM’s value, especially comparing to other security solutions, will be able to sustain above average growth. I’m not talking about your run-of-the-mill help desk savings from self-service and SSO. Security vendors need to look into quantifying their value in terms of risk, or something else equivalent that can be used as a measuring stick across different security technologies. A way to compare the apples and the oranges, if you will.
Ed