Earl Perkins

My colleagues and I just returned from our 4th annual IAM Summit in San Diego last week. It’s hard to believe that it has already been 4 years since the summit was established. It is summits like these that allow us more concentrated “face-time” during these few days with clients and vendors than a good portion of the year, so we value the events very much from a research perspective. During these past 4 years, it appears that an evolution has occurred in the nature and type of IAM project or program underway in many enterprises– at least based on the questions and concerns discussed there.

Our theme was “You Are Here”, or the corollary I like to use to that was (and is) “Where are you?”. In other words, where are you in your project or program to delivering some enterprise value from IAM?  You could tell that there were still many enterprises struggling to some degree with more sophisticated aspects of IAM, e.g. role management or governance-specific concerns. I was a bit surprised, however, by the number that were still getting a start in IAM. They are primarily what you might classify as “mid-range” enterprises, from 2500-25,000 employees, and they do have basic, manually-driven IAM systems to some degree. But the automation isn’t there yet, and the increasing pressures of a more complex environment and more demands for their time and their services drives them to some level of automation.

My favorite parts of the summit were the two user roundtables I was privileged to host on role management and entitlement management. The conversations in both sessions (between 17-23 people in each) centered around role management. There was a small percent in each session (between 3-6 attendees) that had already tackled the issues surrounding role management, and they were questioned mercilessly on how they got started, how they defined certain elements in the project (including a definition of ’role’) and other questions about how to ‘do’ role management. There were no discussions regarding entitlement management, which was telling in and of itself.

These sessions told me a lot about the current progress clients were making in the assignment and administration of entitlements, and what kind of research publication was still needed for Gartner to deliver to help those who had not started. It also told me that role management, in whatever form, is alive and well, and there were increasing numbers of enterprises tackling this issue. They were universal in their belief that it was a “non-trivial task”, i.e. it would require much hard work and devotion to the initiative. Most importantly, it revealed what many of us already knew– it was not so much a technical initiative as it was an enterprise initiative to align policy, controls, process, organization and technology to reach deep into the enterprise with its impact. If I learned nothing else from these roundtable sessions, that was abundantly clear.

Finally, this event helps set the stage for 2010 and beyond– IAM is definitely evolving into something useful to and part of the enterprise. Whether it turns out to be a rich green field of opportunity or a weed-filled obstacle course is up to all of us.