Gartner Blog Network

The Real Meaning of “Intelligence” in IAM

by Earl Perkins  |  February 11, 2011  |  Comments Off on The Real Meaning of “Intelligence” in IAM

If you’ve been following some of our recent Gartner summits or research (as well as earlier blogs) you may have noticed a theme that has been expressed around “intelligence”, namely identity and access intelligence (IAI). At first glance, you may look at this and say “So what? This is just another name for printing up a compliance report, or collecting information about an access-related breach. Why do we need to name it something different?” I can certainly understand that sentiment. It seems like we (analyst firms, the media, vendors) always seem to be looking for a way to rename something so that it looks new and exciting– and so you’ll buy whatever is being sold under the new label

With IAI, that isn’t our point. Oh, of course we’d like to sell more research, but Gartner and other firms also seek to be advocates for clients. That not only helps us because you’re more likely to buy from us if our advice is good, but it also helps you, the client. IAI is not about technology. It was never our intention to imply that in presentations or research. IAI should actually be the result of a culture change within IT and the enterprise. It should be the output of a shift in the way work is done, the way decisions are made, the way we actually USE what we know in IAM to best effect. It should be the goal that we strive for in IAM, the prerequisite to do effective access control, the means by which we can make (for example) better HR, project management, and risk  decisions, the measurable and real proof that accountability and transparency are occurring.

IAI can be the result of a change in mindset of what we do with the information at hand. Believe me, it won’t be the first time that enterprise have tried to tackle this– good intelligence is hard to find, difficult to create, and still harder to maintain as a discipline. It can involve speaking to people you’ve never spoken to before, using tools that you never knew were available, acquiring skills that aren’t in your usual training agenda. Building a center of excellence around IAI actually means becoming part of an enterprise security intelligence program. And THAT subsequently means becoming part of a business intelligence program. I think you can see the pattern.

Some of the clients I have spoken to have said “well that sounds great, but I just want to provision a new employee. I don’t have time for all of this fancy analytics stuff.” What is ironic is those same clients staff up, train, and organize to do the basics like provisioning, build and deliver the reports necessary for operations and compliance, and establish the relationships with the business to ensure the results of provisioning are felt. Whether they know it or not, they’re already involved in all of the same steps that, with just a little more effort, can expand the intelligence they have to work with to get provisioning done, and then some. Again, it is a change in mindset on how we use what we have to do what we do better.

So what am I saying here? Just that this isn’t yet another round of renaming reporting and dashboarding, moving around people, process, and technology like pieces on a chessboard. This can be the “real deal” if we understand that the end result is intelligence to make our identity-based decisions (IT or business) better.


Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management… Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.