Gartner Blog Network


Time for Intelligence and Clarity in IAM

by Earl Perkins  |  August 24, 2010  |  1 Comment

Something interesting is developing in the identity and access management arena. It isn’t new– if you look closely, you’ll recognize it from countless other technologies and processes that progress to maturity. IAM is no different. What I’m seeing is the maturing of intelligence.

Now I know you are tempted to make some jokes here, like intelligence and IAM are mutually exclusive in the same sentence, but hear me out. As this technology area matures, there is more awareness by those who take care of it as well as those who use it that there’s a lot of ‘record-keeping’ going on; plenty of logs and repositories of rich historical and definitive significance. From the beginning there have been identity and access repositories for the identities themselves and their attributes, of entitlements, roles— all of that information that allows the ‘engines’ to do their job, whether it’s authenticating, authorizing, provisioning, certifying– there are a number of processes and events unfolding in a typical IAM process, and much of it is being recorded.

With those records or logs, one could say that data, once properly assembled and correlated, turns into information. That information, once reviewed, analyzed, and presented to the right people, process, or other application, becomes knowledge, or information with value. One could even say that once that knowledge gets into the hands of the right people and they make actionable decisions with it, it’s no longer knowledge– it’s intelligence.

Of course, you may be thinking that I’m just playing with words and definitions, but consider the logic. Information of value really does allow an IT professional responsible for identity repositories to know whether they contain good information or trash, and to take action to cleanse or update it. Another set of information might allow an IT analyst to determine whether something should be reported to other IT professionals, or if something is ‘broken’, to repair it. But the real value, that which IT knowledge workers strive to provide, is business knowledge.

The delivery of business knowledge means that IT has succeeded in its core mission– it has provided information of value to the business, information they can actually use for a change, something with clarity— not some obscure spreadsheet, or a chart with technical terms on it that leaves people scratching their heads, or a report that provides little value. Of course, one should recognize that the primary value of IAM in this kind of knowledge is to give a context (you’ll see that word plenty in the months ahead, so get ready) to the business knowledge they already possess from other sources. I believe one context can be referred to as the “who view” of business knowledge— that dimension that uses identity to view business knowledge in a different way, where having that view may be the one element that turns that business knowledge into business intelligence, where a business user says “well now that I know who is doing this, I can make a decision”.

IAM should be (among other things) about clarity. How do we make clear to the business that there is intelligence in those logs, waiting to be mined, and that intelligence may make all the difference in their decisions? The best way is to deliver it, to prove that IAM intelligence is more than knowledge for IT users to make IT users’ lives easier. IAM intelligence can be part of the business intelligence realm if properly analyzed and presented to the right audiences.

IAM and Business Intelligence is our theme for the annual Gartner IAM Summit, November 15-17 in San Diego, California. I hope to see you there.


Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management…


Thoughts on Time for Intelligence and Clarity in IAM


  1. I agree with Earl’s viewpoint and I am seeing the same trends and needs in the emerging market called intelligent workload management.

    Earl has put his finger on a key evolution that’s happening in the IAM space: The IAM systems that people have implemented are not just to serve the machinery that provides access or even to feed the audit and certification beast. It’s table stakes for a well-implemented IAM system to provide secure and easy access to resources throughout the organization and to provision users in a way that business users can understand without having to speak geek. The challenge is that doing this across physical, virtual and cloud environments is hard. Tying this to the security infrastructure is hard. However, once this system is in place you can start to answer the questions that provide real business intelligence: “What’s just happened on my system? Who did it? Should I care?”

    It’s the last question that’s at the core of why identity systems sit at the core of an enterprise. “Should I care?” impacts both security and compliance. All levels of the organization clearly care about these challenges – after all, CEOs hate seeing stippled drawings of themselves in the Wall Street Journal after a security breach or failed audit.

    At Novell, we talk about the Identity-Infused Enterprise that highlights the key characteristics of helping an organization be more Intelligent, Cloud-Ready and Secure. An IAM system is only fulfilling its promise when it’s providing full intelligence to the business across all of the connected systems. This starts with the identity management system but rapidly scales out to the access management infrastructure, the security infrastructure and connections to the cloud.

    As pointed out by Earl, intelligence must span all phases for building, securing, managing and measuring workloads. When a workload becomes identity-aware, it knows where and how it should be deployed, and it can provide audit trails of who has been using it. When a management framework becomes identity-aware, it enables self-regulation and management according to business policy, thus maximizing performance and flexibility, while minimizing cost, complexity and risk.

    Great post.


