I really don't think that a flock of 1000 Perl scripts all trying to fly in formation is "identity management".
Well, I can't help but agree with that. Have we progressed that little over the last 15 years?
We have over 300,000 groups (distribution lists, security groups) scattered across our company. Forget about "managing" them! I'd simply like to know if they are even being used let alone what for!!
What can I say? Many IAM vendors are not adopting lifecycle considerations to the concept of "groups". There are so many customers out there that have this problem in Windows alone - forget about adding in Unix or, Heaven forbid, RACF!
Active Directory is quickly becoming the center of our galaxy.
This does not surprise me.
Reducing credential burden is one of my top two priorities. The other is disaster recovery.
This comment came from an assistant CTO at a large company. It was telling in the sense that there was an explicit acknowledgment that password management, password synchronization, password reset and everything associated with passwords was just costing this company too much. They are truly seeking the Holy Grail - single sign-on - as a means to reducing this burden (cost).
Did I tell you we have no money to spend? Unless you can show me substantive ROI in under one year -or- you help be close an audit issue.
Actually, I heard this a number of times from customers while I was on my roadtrip. Customers have money - they just don't want to spend it unless the value (ROI, compliance) is there and obvious. I can't help but understand and agree. As I've said in the past, this is not the (economic) time for rocket science.
My thanks to all those who met with me over the last few weeks. I managed to squeeze in as many customer meetings at the TEC 2009 conference in Las Vegas as I did while I was on the road. That was nice - all I had to do was move from one conference room to the other - no planes involved!
Quest Software, QSFT, Active Directory, MSFT, Microsoft, identity management