Friday, December 30, 2005

Identity Management in 2005

It has been a while since I've blogged on the topic of identity. Some of it is laziness, some of it is the holiday effect, but the big reason why I wasn't blogging was that I took a new job with Trusted Network Technologies selling in the Northeast territory. I am excited for a whole host of reasons, but mainly it's because the take on Identity from the TNT perspective is simple, easy to deploy and support, and it lives at the network level, which I have believed for most of this year is the next frontier.

There is a lot of noise in the application space from acquisitions by Oracle, HP, BMC, and Sun (2004 for Sun), to feature sets, to roadmaps, to blah, blah, blah... The issue that all of these companies are grappling with and will grapple with is integration of these acquired technologies and where it will really get interesting is at the customer sites where the implementations will occur and companies will add yet another layer of integration to an already complex problem of integrating Identity management solutions into complex application architectures. It is a great time to start a professional services firm focused solely on Identity Management deployments. Having just come from SDG Corporation where we did several Identity Management implementations, it is the hottest area in technology right now based on what I know.

Given that implementations are so hot and the services business is so good, why leave? Because of the noise, the integration headaches, the feeling that with all of this technology out there that the market has moved so far away from simplicity of a solution and has rushed to make Identity Management the new application platform and to buoy balance sheets, that customers are going to spend far too much on implementations of immature and/or unintegrated (unitegrateable?) products and simply add another layer of applications to the mix in the name of security, compliance, or identity theft.

My view of identity has stayed simple - know the users, give them an identity that is contextual to how they interact with an institution, and based on that identity permit or deny access to applications. TO INSURE SUCCESS - DO THIS AT THE NETWORK LEVEL (wireless or wireline). If I can't get on your network, I can't get to your applications, operating systems, financials, credit card information, SEC filings, etc. to begin with.

My hope for 2006 in this Identity Management space is that the noise dies down, companies really think about the simplest way to address their identity management initiatives by first defining what Identity management really means to them, and then pick a solution and approach that is cost effective to deploy and manage. Here is my take on things as I saw it earlier this year:

Happy New Year everyone, see you in 2006...

Mark Mac Auley