Roles, Courion and Trusted Network Technologies
Between Rob and Dave, we’ve started a nice little set of discussions on roles. Since the boss and the CTO have weighed in, I figured it was my turn.
Roles have been a touchy subject. The industry has wandered a bit over the years to get to where we are now. I remember when role based access control (rbac) was losing a bit of steam and being upstaged by rule based access control (rbac). I used to tell customers, “NIST has it easy. They don’t have to sell anything. If you find that the first idea you had isn’t working, replace it with a new one with the exact same abbreviation. That way you can change what you are talking about without having to reprint the marketing material.” Now this was back in the day that Access360 and Waveset were going head to head. (Ah… the good old days.)
The industry has grown a lot since then. We (the industry and customer base) are ready to have more meaningful discussion about role lifecycle management. The US market is starting to come around to roles as new forms of technology can turn role lifecycle management from a painful expensive task into an ongoing dynamic process. We can talk about bottom-up versus top-down. We can look at the way policy and role definition intermingle in various applications. It is a great time to be working in this space.
Dave’s post on roles as the fuel for something more than identity management and security addresses the real end goal of customers: IT governance. How does a company turn business process into IT operations into operational efficiency? I’m with Dave here in saying roles can help. However, if role definition is static and done in isolation then it is a wasted effort.
Enter our announcement with Courion. Between Courion’s abilities to mine their data to build roles and our abilities to observe identity interactions on the network, we can turn role lifecycle management from a painful expensive task to an ongoing dynamic process. If the process is not ongoing, then any IT governance decision based on role decisions will be using stale data. If these decision are not made on valid data from the identity map of the enterprise, then they are made in isolation and will be suspect. Together Courion and Trusted Network Technologies can do role mining in a timely fashion based on the identity interactions of the enterprise.
A Prediction for 2006
It’s a bit late to be making predictions for the year, but better late than never. The Identity Management market is a broad market. It encompasses everything from two-factor authentication to role lifecycle management to federation and beyond. There, as you would expect, are a lot of vendors in this space, with more coming every day. My gut tells me we are going to see a more and more of the smaller vendors in this space teaming to bring better more meaningful solutions to the market. Instead of having a flurry of market consolidation and large companies acquiring smaller ones, 2006 will be a year of seemingly unrelated companies coming together with products that simply work better together. This space is finding natural resonance with verticals like health care, higher education, and retail banking. Smaller vendors are nimble and can bring joint offerings to these spaces quickly. We’ll see how this prediction pans out as the year progresses.
Finally, we are headed, along with just about everyone else in the space, to the RSA conference next week. I’ll be hanging around our booth (#1816) along with the rest of our bloggers: Dave, Rob, and Doug. Come on by and say hi. Put a face to the blog entries.