Four steps to self-funding identity management

Plagiarising Chris with my own 2c, here are the major steps:

1. Education: Identify the key business problems you need to solve.

[AB] In large organisations, there are always people feeling the pain from poor identity life-cycle management practices. You should go and find them – they might even have money. At least you then have ‘real evidence’ of the problem which is good for the business case.

2. Discovery: Identify the business and technical context where labor is being expended and where automation will yield significant returns. For example, are you divesting or growing your staff? Are you retiring infrastructure?

[AB] This is interesting as many organisations don’t seem to worry too much about soft costs such as efficiency if your help desks and access processes are fulfilled internally. However, you might be able to get some big wins if there is a ‘hard cost’ such as where your help desk is managed by a 3rd party and there is a cost per call.

3. Planning: Outline the following:

a. Financial Policies and Constraints: What does it mean when the CFO says “no new projects”? Does he mean no improvements, or no incremental expense or cash funding is available? What are the policies for capitalization? When do you need to attain efficiencies to offset expense without impacting different types of budget cycles?

Read the full article at http://advice.cio.com/chris_sullivan/four_steps_to_self_funding_identity_management

There’s surely going to be some impact to their IAM products as a few notable pieces are developed out of Melbourne such as Identity Manager (parts of it anyway), Directory and SOA Security Manager (did this used to be transaction minder?).

Being ex-ca I know a few of the people affected, so good luck guys and I hope you land on your feet.

• Sun Java System Identity Manager 7.0
• Sun Java System Identity Manager 7.1
• Sun Java System Identity Manager 7.1.1
• Sun Java System Identity Manager 8.0

Check the IT News article here and the original Sun Alert here for more information. Happy Patching!

Nowadays, the world of IAM and their vendors is a very different place. If you read reports published by Gartner, Forrester, et al there isn’t a great deal of difference between the different product suites. In fact, having worked with IBM, CA and Sun suites in the past, I’d confirm this from my own experience. IAM is becoming commodity technology.

Just in case you don’t believe me and still believe “<insert product choice  here> is the best” the 2008 IAM reports from Gartner show IBM’s Tivoli Access Manager products are only mildly ahead in the Web Access Management Magic Quadrant, while they’re almost neck and neck in the User Provisioning Magic Quadrant.

So if IBM buys Sun, what will they do with the competing product stacks? IBM will have a few options I bet you would never guess:

1. Merge the product suites
2. Kill some off
3. Keep both

Number 3 is the least likely to me (obviously). Could you imagine the cost of supporting multiple code based? This will be even more interesting as the Sun suite is almost entirely open source now as IBM will never be able to truly remove a competing technology. However, owning (at least in principle) both technology suites would make IBM the un-disputed leader in installed IAM technology worldwide. But will that be enough to stop the rise of Oracle?

Anyway, I hope the Sun kit still works after they “blue wash” it.

I got to level 6 and only saved my company $6815. No wonder IdM business cases don’t get up.

Here’s the list of open source idm projects that I’m actually now aware of:

• AccessStream
• SourceID (identity federation toolkit from Ping Identity)
  
• OpenID
• Shibboleth
• Bandit Project
• Higgins Identity Framework
• OpenLDAP

And of course there is a whole bunch of stuff from Sun.

Has anyone used these successfully? Are there any others  I’ve missed?

Identity management does get a few mentions (must be a good article), but the main quote I thought worth repeating was:

All of the firms I talked with for this piece referenced Symantec’s research about rogue employees and lost laptops as the primary sources of data loss and theft. Working in the cloud removes the laptop issue and even the smartphone issue.

The wow factor for me (the rest of the article is pretty rushed) is this is the first time I’ve read about cloud computing reducing risk for an organisation, rather than increasing it.

Alas, Martha only hints about identity services in the cloud, and a pretty limited implementation:

User security is rooted in role-based access and identity management. Identity management is maintained in the firm’s LDAP directories. Permissions and denials are controlled by the firm’s administrator. The directories can be either inside the firm’s firewall, at the SaaS provider’s site, or in a DMZ.

Now, if only a large software vendor would release some sort of framework for identity services in the cloud. Should SaaS vendors be looking into this?

I’m not sure if you’ve looked into this yourself, but so far I’ve uncovered 6 groups (I’m sure there are more out there – ping me if you’ve got one not on the list). And they are:

• Identity & Access Management (317 members)
• League of IAM Architects/Consultants (752 members)
  
• Identity Management Group (124 members)
  
• Identity Management Specialists Group (3,878 members)
• identitymanagement (779 members)
• SSO Group (106 members)

My membership is still pending for the “Identity & Access Management” and “League of IAM Architects/Consultants” groups, but the others have some robust discussion at varying levels of technical detail.

And of course, there’s always those people who respond to a discussion by trying to flog their services. I tend to roll my eyes when I see one of those responses. However, one day I’ll probably be one of those people.

Where does the name come from? I think the identity part is clear, but well, there are some ‘eccentricities’ in our industry – minor nuances that anyone involved in IdM/IAM/IM projects in large enterprises can appreciate.

Any questions pr suggestions, feel free to ping me on ab@identricity.com or www.twitter.com/adrianbole. Stay tuned!