tuesdaynight » didw

More coverage of Cisco and Securent

Ian Glazer — Fri, 02 Nov 2007 20:46:33 +0000

I think that Phil’s take on this sits somewhere in between Dave’s cynicism and Eric’s unabashed joy.

I do agree with Dave in that I doubt that this acquisition signals a market consolidation – the entitlement market is too new. Look at the role management market as an example: it’s been around for a few years, lived longer than most expected, and just now are we seeing consolidation.

DIDW: Sun’s deployment of Sun Identity Manager

Ian Glazer — Mon, 24 Sep 2007 21:16:06 +0000

I love customer deployment stories. I especially love hearing about vendors deploying their own products. In this case, Sun and Deloitte were talking about deploying Sun Identity Manager internally at Sun.

They covered the usual tips for a successful deployment:

Involve the business
Planning makes all the difference
Don’t bite off more than you can chew

Pretty standard stuff that always bear repeating.
There were some very interesting other observations:

For complex systems, like ERP, get the vendor involved in the provisioning project
Plan for testing early in the project
Plan for sustaining the deployment, turning it from a project to a program early in the project

The idea of getting the complex system vendor involved in the provisioning project strikes me as both novel and extremely effective. The nuances of complex systems like ERP and mainframe security can bedevil a provisioning project. Might as well go to the experts early.

Their last point on planning for sustaining the project echoes a point the Phil Becker and I made last year on identity management as a lifestyle and not a project. You’re going to live with you decision for a lot longer than you probably expect. You have to plan on how to sustain the deployment and turn it into a key thread in the fabric of business services the organization relies upon.

Deloitte speaking across all of their deployments, not just Sun’s, had some interesting observations as well:

Half of all identity management deployments end up as shelf-ware (I think I hear Bill Malik chuckling somewhere)
The true return on investment is not in the technology but in the re-engineering of process

A common misconception is that deploying a user provisioning product requires a massive process re-engineering effort. That is not strictly true. Mature provisioning products these days can accommodate most business processes, no matter how arcane. That being said, deploying provisioning certainly encourages process re-engineering. The deployment gives an organization an excuse to examine what it does and how it does. “Do we really need five approvers just to give someone email and why do we have to fill these forms out to do so?”

So far, DIDW has not disappointed.

A small indicator of why Digital ID World is legit

Ian Glazer — Mon, 24 Sep 2007 20:45:03 +0000

It’s day one of Digital ID World 2007. This is my third or fourth trip to DIDW. This ever-growing event always impresses with the level and quality of conversation. During the keynotes this morning, I got a glimpse of something small and to me something quite telling. I saw Phil Becker and Eric Norlin, the brains and brawn (I’ll let you figure out which one is which), sitting on the floor off to the side of the packed meeting room. These guys have always put the emphasis on hearing real world deployment stories and in doing so have always elevated their audiences to active participants. To see the heads of the conference sitting on the floor to allow more attendees to have a place to sit is, to me at least, a sign of their character – totally legit.

Part 3 of my compliant provisioning series

Ian Glazer — Fri, 21 Sep 2007 01:54:49 +0000

The final installment of my series on compliant provisioning is up on Audit Trail.

For those of you headed to Digital ID World, let me know and we can catch up. (I’m looking at you members of the Mark MacAuley supper club.)

Now it is official: Oracle buys Bridgestream

Ian Glazer — Wed, 05 Sep 2007 14:28:45 +0000

The deal is done. To Ed, Volker, and all my friends over at Bridgestream – a hearty congratulations.

I have to figure that people are going to start clamoring about market consolidation in the ERM space and it will reach a climax at Digital ID World just a few weeks away. Anyone want to through a prediction of who the next ERM company to get acquired will be?

So Ron Rymon of Eurekify threw it out there:

…As a whole, I believe that Role Management (the combination of RMM and RA) is BIGGER than Provisioning. So again, you only see the tip of the iceberg now.

I think we are going to mark 2007 as the year that a shift occurred in user provisioning. It shifted from being an end in-and-of-itself to the vehicle for service delivery. We’ll see.

If you don’t know where you are going, no road will take you there

Ian Glazer — Fri, 11 May 2007 21:35:39 +0000

Apologies to Lewis Carol and the Cheshire Cat.

Mark MacAuley makes me laugh. He is a funny guy, but that’s not why he makes me laugh. He makes me laugh when he finds situations like this one:

I spoke to a non-US Government Agency yesterday about their Identity Management initiative. Turns out they are hung up on an architecture. Why? Because there is no identifiable (or identified) business process for them to build for. The business users are saying – Just buy a tool and it’ll take care of it that’s what their workflows are for’. Those of us who do this for a living are probably smirking or laughing out loud at the comment. Typical, but one of the leading causes of unsuccessful projects.

Why is this funny? Because I already know this project is doomed to fail and all you can do is shrug your shoulders and laugh.

Having “the business” abdicate its role as the driver of any project like this is criminally irresponsible. (For you hardcore cynics, I don’t care that this is a government example; that’s not an excuse.) Identity Management is waking up from its speed and feeds adolescence. More importantly, the market is starting to snap out of its IT-induced hypnosis, and it is business that will benefit. The business cannot simply punt on an opportunity like this.

I literally just got out of Courion’s user conference, Converge. I would say that about half of the presentations from customers, analysts, and Courion staff alike related to the business drivers and the business view of identity management projects.

Simple example – from a business perspective, identity management often gets attestation wrong. Unless you have the absolutley most friendly Active Directory group names in the world, presenting a list of groups to a manager and asking, “Are these the groups that Ian should have?” is essentially useless. Now presenting a list of business functions as the content of an attestation event – that makes sense. Instead of sending AD group SHRPT1_ENG and CITRIX_PRESSRV_02_SAP863 to my manager, send “Access to the Engineering Sharepoint server” and “Access to SAP Instance 863 via Citrix Presentation Server.” It is simple things like this that turn IdM projects into true business enablers.

I’ll be back soon with some other thoughts from Converge and an interesting conversation Phil Becker and I seem to always be in the midst of.

tuesdaynight » didw

More coverage of Cisco and Securent

Related Posts:

DIDW: Sun’s deployment of Sun Identity Manager

Related Posts:

A small indicator of why Digital ID World is legit

Related Posts:

Part 3 of my compliant provisioning series

Related Posts:

Now it is official: Oracle buys Bridgestream

Related Posts:

If you don’t know where you are going, no road will take you there

Related Posts: