Friday, December 29, 2006

Las Vegas Customer Roundtable

We held a customer roundtable while I was on tour in Las Vegas attending Gartner’s identity management conference. I really, really love talking to customers about what they are doing, the problems they are having and what they feel their priorities are. The other thing I love to do is get like-minded customers in a room together to see if I can help catalyze a discussion between everyone. The only rule I have for customer roundtables is: No PowerPoint! By eliminating PowerPoint you eliminate silence and the last thing you need in a customer roundtable is some salesman or marketing guy – like me – blathering on to a bunch of PowerPoint slides.

We had a nice cross-section of customers include some from the healthcare, financial and energy industries. I’ve tried to capture some of my key takeaways below:

Don’t forget the mainframe identities

Each one of the customers reported that mainframe and midrange systems were still alive and well within their organizations. On the basis of the industries represented I was not surprised to hear this. However, each and every one of the customers talked about how these systems were still “islands unto themselves” when it came to identity management. There still was not enough integration of those systems within their existing identity management projects. It appears there’s a need to better integrate all of those RACF, ACF2 and TopSecret identities. Not just plain synchronization of those identities with other systems like Active Directory but alignment of password policies and integration of LDAP and Kerberos for single sign-on.

Federation underway or being looked at

Each of the customers stated they were looking at federation except for one who has already rolled out a federation project. No one mentioned using Active Directory Federation Services (ADFS) – everyone in the group has pretty much decided to go with a non-Microsoft implementation based on SAML. The customer that has already rolled out a federation project is using PingFederate to provide federation services to some of their key customers. So far, in the first nine months of their project they have had over 2.5 million “federated” transactions. Impressive!

Group Policy catching on

Each of the companies is starting to leverage group policy for more than the basic password strength policy. I probed around this a lot because I have always considered group policy to be the real value behind implementing Active Directory. Most of the customers attributed their new interest in group policy to the fact that they are either want to do more with AD or they don’t want to deploy SMS.

More questions than answers

Many of the attendees are confused about things like SOA (“it sure sounds great, but…?”), entitlement management and role mining. What are the benefits? Is role mining a soluable problem? When will software deliver these capabilities? Etc.

Clearly, there’s still a lot of work to be done in these areas.

The reality tour kicks off 2007 with customer roundtables in Paris (January) and San Francisco (February) along with the annual Quest Software sales kickoff event.

Technorati Tags:
, , , , , , , ,

No comments: