A Report from Day 1 of the Gartner IAM Summit
I’m attending the Gartner IAM Summit in San Diego this week. It’s always difficult to be inside in a hotel conference facility when the weather outside is 70 degrees and sunny, so the sessions have to be really valuable.
Fortunately, this morning’s keynote from Earl Perkins was particularly good. The session was entitled “The Death of IAM and the Loss of Identity Innocence — A Review of Program Maturity, Services-Driven Change, and New Era Threats.”
Scaling Up to Service-Centric Delivery
According to Earl, “the out is now in,” which means we need to architect and scale the IDM infrastructure not only for employees, but more and more for external constituents.
Earl mentioned that this move to a more service-centric delivery model means that separate architectures for extranet and intranet with IAM are blurring, with extranet-based access, protection, and reporting mechanisms being used to create one consistent, coherent IAM architecture. The scale that IAM is being asked to address is increasingly larger, as well. Where we once spoke of IAM implementations of 5,000, 10,000 and 100,000 users, today, we routinely discuss implementations exceeding one million users. The scale of applications (in type and count) is also increasing.
Bridging the Gap Between Databases and Directories
In fact, one of the key debates that Earl referred to, as enterprises begin to understand the requirements for external constituents, is whether to use a database or a directory. As a vendor of technology that bridges the gap between databases and directory, we’ve been involved in many of these discussions and the conclusion has always been that you need both.
In most enterprises, databases already hold most of the identity data—CRM, orders, billing, and more—that’s required to enable access for external constituents. Databases also provide facilities for transactional integrity and data normalization and are better for updates and reporting. SQL is the preferred protocol for application developers doing CDI (Customer Data Integration) or MDM (Master Data Management).
Directories, on the other hand, provide fast access, more granular security, and enable search without the need to understand the underlying schema. For these reasons, LDAP is the preferred (and often required) protocol for IAM initiatives.
The Convergence of CDI and IAM
These worlds are starting to intersect—and sometimes collide—as CDI/MDM focuses more on improving the partner or customer experience through the web and IAM focuses more on external constituents. In fact, we’re starting to see the CDI/MDM guys trying to IAM-enable their initiatives, while the identity guys are hard at work making the IAM infrastructure CDI-compatible.
Identity virtualization bridges the gap between these two worlds by enabling you to separate the protocol (LDAP) from the underlying storage, so enterprises can leverage their existing RDBMS investments, which are designed for high-volume storage, and still derive all the speed and security benefits of the directory.
Looking Ahead: The Out is Now Win
The market is finally beginning to understand that the true value of IdM is not in compliance, but in enabling better interaction with the constituents who drive revenue and profits. This is an exciting time to be in this space and an even more exciting time to be working with technology that enables better identity administration and more effective risk management, and also empowers you to develop new initiatives that:
- Generate revenue
- Reduce costs
- Improve the customer experience
- Drive cross-sell and up-sell opportunities
The IdM and CDI worlds are beginning to converge, as everyone starts to realize that you can’t have one without the other. Identity virtualization provides that bridge…
- Dieter Schuller, VP Sales & Business Development
