Earl Perkins

A member of the Gartner Blog Network

Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management… Read Full Bio

Coverage Areas:

The Target Dimensions of Identity and Access Management

by Earl Perkins  |  April 16, 2012  |  4 Comments

There are so many ways of looking at IAM, but is looking at IAM differently helping you to DO anything differently? Let me explain.

The market for IAM tools and services coalesces around 3 primary ‘targets’, or environments where managing IAM is a good idea. Those areas are (1) data, (2) systems, and (3) applications.

In the vast majority of cases, data is the ultimate target for users of IT systems. That data may be structured, semi-structured, or unstructured, but at any one moment in time we’re after some data, information, or knowledge to make a decision and/or initiate an action. The IAM and related security industries have products that tend to focus more on data than other dimensions, products such as DLP for example.

When I use the word ‘systems’, I am encompassing IT platforms, operating systems, and networks together. Again, you’ll find a number of products that focus on these systems as the primary target for IAM. Privileged Account Activity Management (PAAM) is a prime example here, as well as some access management solutions.

The applications dimension of IAM is where a lot of action is taking place in the industry today. Mainstream access governance and provisioning solutions have applications as their target focus, and the solutions are architected around how to manage identities for application access.

When an enterprise knows what how the IAM products and services markets target these dimensions, it makes planning easier. It reminds me of the old saying “when you have a hammer, everything looks like a nail.” Remember that IAM products first start as an idea in someone’s head, and if that person has a data, system, or application ‘hammer’ dimension, it’s likely the product will reflect that.

It’s important that the planning and design of an effective IAM system NOT be driven by the way the market defines targets or dimensions, but instead on what then enterprise’s true requirements are and what is currently available in the enterprise to sustain an IAM program. It is one reason why Gartner is emphasizing the concept of an “identity data model” to more formally address the first dimension described here, the data dimension of IAM.

The data dimension itself has three targets: (1) the IAM data itself (identifiers, credentials, attributes, entitlements, etc.); (2) the log information of IAM activities and events, to be collected, correlated, analyzed, and used; (3) the target data to be accessed, structured, semi-structured, and unstructured (e.g. database contents, documents, messages, etc.). An understanding of how all of these different kinds of data interact is the first step towards addressing the data dimension of IAM.

Now you have another way of looking at IAM. Hopefully it is one that can help you plan, build, and operate such systems more effectively.


Category: IAM     Tags:

4 responses so far ↓

  • 1 The Target Dimensions of Identity and Access Management | Allidm.com   April 16, 2012 at 10:59 am

    […] products that tend to focus more on data than other dimensions, products such as DLP for example. Read more here… Tagged with: iam • IAM Best Practices • IAM Solutions • Identity • Identity […]

  • 2 idan   April 16, 2012 at 11:50 am

    That’s a nice model, Earl.

    Here’s another model (complementary, not mutually exclusive):

    * Target systems/applications (think connector here)
    * Business process (e.g., hire, move, recertify, fire, etc.)
    * Operation (e.g., create, assign entitlement, disable, etc.)

    Our customers have had some success with planning their deployments by carving out 3-d spaces out of this “cube”.


    — Idan

  • 3 The Target Dimensions of Identity and Access Management « Management Fair   April 16, 2012 at 10:57 pm

    […] more: The Target Dimensions of Identity and Access Management Comments […]

  • 4 Earl Perkins   April 17, 2012 at 6:33 am

    Thank you Idan, you’re correct. There are multiple dimensions to IAM deployment and use. My comments were focused on the technical dimensions and those technologies that could be considered as the ‘target’ for management. But I agree completely that there is an equivalent set of ‘soft’ target dimensions. I am particularly interested in the organizational aspects of IAM, and believe that it remains one that is inadquately addressed throughout the industry, i.e. truly preparing an enterprise to use and exploit an established IAM system and to align their organizational structure around it.