Monday, August 09, 2010

Is IAM relevant to the Business?

This is a really important question. And by business I mean your business, your employer. Or is IAM simply something that makes IT administrators’ and auditors’ lives easier? This question will be addressed at this fall’s Gartner Identity & Access Management Summit 2010, November 15 – 17, in San Diego. I cut/paste a couple of questions and answers from Ray Wagner’s discussion on key trends in IAM – emphasis is mine. I’m willing to bet many organizations are still at the lowest level of maturity. You may have automated some processes, but are you relevant to the business?

Q: The theme of this year’s conference—Transforming IAM: The New Business Intelligence Connection—is something of a departure. Why?
RW: Maturity is beginning to happen for many organizations. Now it’s time to talk about the next step. Once you have a set of well-documented processes and a mature infrastructure in place, you can begin to look at ways to utilize that infrastructure to generate more value for the organization. IAM and business intelligence are closely linked. What can an organization do with the output of its IAM systems? The reporting and intelligence that go along with providing access and control to individuals can be extremely useful in making business decisions.
We’ll also cover the foundations of IAM, technologies, current trends and the IAM marketplace at the conference, because there’s still a long way to go for most organizations to attain maturity. We’ll look at how to create the IAM program, including governance, project management, architecture and technologies, and do workshops to assess where you are in the maturity cycle. But we’ll also take a close look at what a modern and mature IAM infrastructure can bring to the business beyond the obvious.

Q: What changes need to be made to start leveraging IAM for business intelligence?
RW: Organizations don’t need to make big changes, given that they are cognizant of the IAM maturity cycle and their place in it. They need to reach a medium- to high-level of maturity. At that point, you can start using IAM to drive business intelligence, and that’s where things get interesting. However, maturity is something all organizations need to work on. At the lowest level, you may not have an identity team and your processes may still be completely ad hoc. If so, you’ll benefit from formalizing your IAM processes and then looking at ways to streamline them, in particular at technologies that will give you more insight into your IAM operations and what they mean for the business. Only at that point can you get the benefits we’re talking about with BI.
Not everyone is ready to start doing BI with IAM today. However, there’s no question that a mature IAM program can contribute to BI and business initiatives in a positive way. It’s time to start thinking about it and getting ready for it.


Sample said...

I have been following your blog for quite some time. I am trying to find a place to ask a question with regard to Microsoft BPOS and ADFS. I work as a Team Manager for a large retail organization. We use SUN LDAP as our corporate directory. My company is planning on moving toward the MS BPOS model and we are seeing a roadblock with respect to integrating the LDAP with BPOS. We had several meetings with MS to see how we can federate the identity with BPOS using ADFS. MS is quite clear on their position with regard to ADFS. We were told that ADFS support is still in the works, with the targeted time to be next summer (2011), and also that ADFS support for BPOS can only work with AD and no other LDAP implementation. I am really surprised that MS is able to pull this tantrum on us, since there are many such organizations who may not be using AD as their identity store but will have to dump that in order to be onboarded to BPOS.

Do you have any background in this regard that you can share with us?

Unknown said...

Yes, I think their standard preconfigured solution will be AD-oriented. However, there will probably be options for other directories as well. What are you trying to achieve? Directory sync or SSO?

For directory sync, I think the intent is to also provide a generic FIM management agent for any FIM-based sync (+ PowerShell APIs for any custom/scripted solutions).

For SSO, are you currently using SUN LDAP to authenticate users as well? If so, Microsoft does support ADFS integration with Sun OpenSSO:

I hope that helps...