Gartner IAM Summit 2011 -- Day 2

| | Comments (0) | TrackBacks (0)

As I wrote the other day, the theme of combining IAM w/ BI continued during day two of the Gartner IAM Summit in London. Perry Carpenter, an analyst w/ Gartner, brought it up again in his talk on best practices for administer user accounts, and other delegates I spoke to said it was mentioned in a lot of lectures they attended throughout the day as well. Every person I talked w/ was having a hard time swallowing the BI pill though. One IAM pure play vendor that I chatted w/ said it was nonsense to think that "shoving" the output of his program into some BI tool would provide additional value; it would create a mess, he said.

All this made me think: Gartner's value is in guidance. Why would they suggest to their clients that they consider this unless they truly believe it was correct? IMO, they wouldn't; however, that doesn't mean they are. So, are they? Will coupling IAM w/ BI provide additional value to the business? I think so. To see why, consider Forrester's estimation of the provisioning market size through the end of 2014:

How is it that the provisioning market is shooting up so fast? The report which I nabbed that graphic from, Identity Management Market Forecast: 2007 to 2014, has suggestions of course, but some that occur to me include these:

  • There are many sources of identity throughout an enterprise (HRS, ERP, CRM, etc.), and automating account management across them all requires hundred of connections and automated workflows.
  • There's no accepted standard for provisioning, so the work is custom and/or costly.
  • The big suite vendors are charging ~50K USD per connection.
So, the need is great and the cost is high. This makes the market huge. However, the prediction, which Carpenter told me Gartner also made, isn't coming true. Companies just aren't willing to pay. Because of this, smaller pure play vendors are stepping in and charging a lot less per connection (~10K USD); some are even selling their provisioning products with an unlimited number of free connections. These things together will eventually undermine the business model of the suite vendors, Carpenter suggested to me. At that point, they will be more willing to fix the provisioning standard. Till then, what choices do people have?

Firstly, companies can select pure play vendor that offers lower connection costs. Alternatively, they can abstract a large number of LDAP and relational identity stores behind a meta directory, and pony up for a costly connection to it. Thirdly, they can combine their provisioning solution with BI. By creating a handful of connection to commonplace identity stores, enterprises can avoid high implementation costs. For the dozens or hundreds of other connections, organizations can use BI to figure out if they are out of compliance and close that gap manually if they are. So, coupling BI with IAM, for provisioning at least, is a really good idea that deserves further exploration.

What about other areas of IAM like federation? Does combining federation w/ BI provide additional business value? Stay tuned for my thoughts on that.