Earl Perkins kicked off the Gartner IAM summit with this talk: The Death of IAM and the Loss of Identity Innocence – A Review of Program Maturity, Service-Driven Change and New-Era Threats. Catchy title, eh?! It was certainly penned this way to draw attention to what Earl called an “inflection point” that is now happening in the IAM market.
Earl’s commentary centered around IAM – especially the “A” access part – accountability as the new phase of IAM. Gartner has clients who approach them daily who are now talking about replacing their first generation IAM systems – as Earl calls it, a “disaster summit” or a “do-over” conversation. In the area of governance (GRC) we are in the same place where we were with provisioning 5 years ago which means we are early and still have a long way to go in this area.
Earl see these trends in the “IAM Age of Accountability”:
- Externalization + decentralization = “The out is now in”
- Finding or identifying who is in charge
- “Scale” is becoming off the scale
- Delivery methods increase
- Expanding business process management
I think we have all seen much of the above. Much of this is being driven by the effects of compliance pressures on companies along with the drive to save money through the use of the “cloud”. It’s only going to get worse as federation begins to take off.
Earl also talked about the death of the IAM suite and birth of the IAM partnership. Not the actual, real death of the IAM suite but the importance of partnering with your IAM vendor and picking the right vendor that you can work with over time. While Earl didn’t say this nor do I think he meant that the magic quadrant is “dead” but I do wonder about customers who make IAM choices simply by looking at the MQ. Partnership cannot be measured by the Gartner MQ in my opinion.
Earl concluded by discussion how you map an IAM program into an information security program – taking you to serious business enablement, security effectiveness and security efficiency – where I expect we all want to end up.
I like how Earl characterized this as an “inflection point”. It’s a better term than saying IAM 2.0 or “next generation”. The fact of the matter is that market pressures (“requirements”) are causing the slope to change of companies needs in this area and by definition that is an inflection point. I do think that many of the early IAM products and suites are struggling with this inflection point whereas some of the newer vendors in these areas are able to cope with or build directly to this inflection point.
Interesting times for sure. For all of us – vendors and users.