Is Identity Management really about Identity?
To me identity management is all about being able to reasonably prove that the person acessing data is who they say they are and has access granted to them by role, device, application, and/or policy.
Data access management is the reactive or proactive management of a role or identity's rights to access data wherever it lives.
Today, data is like currency. The reason I say it is like currency is not because I grew up the Valley in California, but because data in general comes in many denominations, sizes, shapes, languages, and carries with it different valuations based on any number of factors. What companies, I believe, are struggling with is the problem of - there is all this currency floating around, with no central banking infrastructure to help manage or govern its value and exchange.
Think about it. It's the equivalent of everyone being a bank, with many denominations of currency, with no Federal Reserve, no FDIC, no World Bank, nothing. I can say I have $100, and to one person or organization it's worth $5 and to another person or organization it's worth $1000 with the value of the currency determined by the withdrawer, not the depositor.
Those with more data have more currency and worth, however they also have more risk, because their currency can be stolen with relative ease.
So companies who now have an exponential number of currencies under their roofs (real or virtual) are now trying to establish the underlying 'banking' infrastructure that is needed to determine currency's worth, protect it, and maintain its value in any exchange with any other bank or its currency.
So I ask the question again, are the identity management initiatives underway about identity after all?