Something interesting is developing in the identity and access management arena. It isn’t new– if you look closely, you’ll recognize it from countless other technologies and processes that progress to maturity. IAM is no different. What I’m seeing is the maturing of intelligence.
Now I know you are tempted to make some jokes here, like intelligence and IAM are mutually exclusive in the same sentence, but here me out. As this technology area matures, there is more awareness by those who take care of it as well as those who use it that there’s a lot of ‘record-keeping’ going on; plenty of logs and repositories of rich historical and definitive significance. From the beginning there have been identity and access repositories for the identities themselves and their attributes, of entitlements, roles— all of that information that allows the ‘engines’ to do their job, whether it’s authenticating, authorizing, provisioning, certifying– there are a number of processes and events unfolding in a typical IAM process, and much of it is being recorded.
With those records or logs, one could say that data, once properly assembled and correlated turns into information. That information once reviewed, analyzed, and presented to the right people, process, or other application becomes knowledge, or information with value. One could even say that once that knowledge gets into the hands of the right people and they make actionable decisions with it, it’s no longer knowledge– it’s intelligence.
Of course, you may be thinking that I’m just playing with words and definitions, but consider the logic. Information of value really does allow an IT professional responsible for identity repositories to know whether they contain good information or trash, and can take action to cleanse or update it. Another set of information might allow an IT analyst to determine whether something should be reported to other IT professionals, or if something is ‘broken’, to repair it. But the real value, that which IT knowledge workers strive to provide, is business knowledge.
The delivery of business knowledge means that IT has succeeded in its core mission– it has provided information of value to the business, information they can actually use for a change, something with clarity— not some obscure spreadsheet, or a chart with technical terms on it that leaves people scratching their head, or report that provides little value. Of course, one should recognize that the primary value of IAM in this kind of knowledge is to give a context (you’ll see that word plenty in the months ahead, so get ready) to the business knowledge they already possess from other sources. I believe one context can be referred to as the “who view” of business knowledge— that dimension that uses identity to view business knowledge in a different way, where having that view may be the one element that turns that business knowledge into business intelligence, where a business user says “well now that I know who is doing this, I can make a decision”.
IAM should be (among other things) about clarity. How do we make clear to the business that there is intelligence on those logs, waiting to be mined, and that intelligence may make all the difference in their decisions? The best way is to deliver it, to provide that IAM intelligence is more knowledge for IT users to make IT users’ lives easier. IAM intelligence can be part of the business intelligence realm if properly analyzed and presented to the right audiences.
IAM and Business Intelligence is our theme for the annual Gartner IAM Summit, November 15-17 in San Digeo, California. I hope to see you there.
Read Complimentary Relevant Research
Top Strategic Predictions for 2019 and Beyond: Practicality Exists Within Instability
Technology-based change is happening continuously, and most organizations struggle to see the change in advance. Continuous change can...
View Relevant Webinars
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.