Gartner Blog Network

The Target Dimensions of Identity and Access Management

by Earl Perkins  |  April 16, 2012  |  4 Comments

There are so many ways of looking at IAM, but is looking at IAM differently helping you to DO anything differently? Let me explain.

The market for IAM tools and services coalesces around 3 primary ‘targets’, or environments where managing IAM is a good idea. Those areas are (1) data, (2) systems, and (3) applications.

In the vast majority of cases, data is the ultimate target for users of IT systems. That data may be structured, semi-structured, or unstructured, but at any one moment in time we’re after some data, information, or knowledge to make a decision and/or initiate an action. The IAM and related security industries have products that tend to focus more on data than other dimensions, products such as DLP for example.

When I use the word ‘systems’, I am encompassing IT platforms, operating systems, and networks together. Again, you’ll find a number of products that focus on these systems as the primary target for IAM. Privileged Account Activity Management (PAAM) is a prime example here, as well as some access management solutions.

The applications dimension of IAM is where a lot of action is taking place in the industry today. Mainstream access governance and provisioning solutions have applications as their target focus, and the solutions are architected around how to manage identities for application access.

When an enterprise knows how the IAM products and services markets target these dimensions, it makes planning easier. It reminds me of the old saying “when you have a hammer, everything looks like a nail.” Remember that IAM products first start as an idea in someone’s head, and if that person has a data, system, or application ‘hammer’ dimension, it’s likely the product will reflect that.

It’s important that the planning and design of an effective IAM system NOT be driven by the way the market defines targets or dimensions, but instead by what the enterprise’s true requirements are and what is currently available in the enterprise to sustain an IAM program. It is one reason why Gartner is emphasizing the concept of an “identity data model” to more formally address the first dimension described here, the data dimension of IAM.

The data dimension itself has three targets: (1) the IAM data itself (identifiers, credentials, attributes, entitlements, etc.); (2) the log information of IAM activities and events, to be collected, correlated, analyzed, and used; (3) the target data to be accessed, structured, semi-structured, and unstructured (e.g. database contents, documents, messages, etc.). An understanding of how all of these different kinds of data interact is the first step towards addressing the data dimension of IAM.

Now you have another way of looking at IAM. Hopefully it is one that can help you plan, build, and operate such systems more effectively.


Category: iam  

Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management…

Thoughts on The Target Dimensions of Identity and Access Management

  1. […] products that tend to focus more on data than other dimensions, products such as DLP for example. Read more here… Tagged with: iam • IAM Best Practices • IAM Solutions • Identity • Identity […]

  2. idan says:

    That’s a nice model, Earl.

    Here’s another model (complementary, not mutually exclusive):

    * Target systems/applications (think connector here)
    * Business process (e.g., hire, move, recertify, fire, etc.)
    * Operation (e.g., create, assign entitlement, disable, etc.)

    Our customers have had some success with planning their deployments by carving out 3-d spaces out of this “cube”.


    — Idan

  3. […] more: The Target Dimensions of Identity and Access Management Comments […]

  4. Earl Perkins says:

    Thank you Idan, you’re correct. There are multiple dimensions to IAM deployment and use. My comments were focused on the technical dimensions and those technologies that could be considered as the ‘target’ for management. But I agree completely that there is an equivalent set of ‘soft’ target dimensions. I am particularly interested in the organizational aspects of IAM, and believe that it remains one that is inadequately addressed throughout the industry, i.e. truly preparing an enterprise to use and exploit an established IAM system and to align their organizational structure around it.
