Tag: Burton Group

ERM and the organization: Kevin’s response

A while back I had commented on consolidation in the role management world.  As I have said before, from product management and marketing perspectives, integrating a role management tool into an existing identity management suite is a no-brainer.  This is not to say that the implementation and deployment are no-brainers as well – so don’t get too excited Greg 😉  What is more interesting is where major vendors like Oracle and Sun will take enterprise roles management.

I had also mentioned that it would be great for Kevin Kampman of Burton to weigh in on the subject, and sure enough, he did.  I am intrigued by his concept of “return on organization.” But to see this return it first requires identity management vendors to share this value proposition with the parts of the enterprise that really care; it forces IdM vendors to sell to “the business.”  Making identity management truly relevant to the entire business has always been one of IdM’s challenges.  Role management does present a new way of taking older topics to a new audience but I wonder if potential customers are ready to hear it.

The Enterprise Role Management Integration Challenge

Nishant, in a light hearted manner, took my post on Sun acquiring Vaau as a bit of a dare. This is how I responded to his comment:

Since I don’t believe that ERM is an end in and of itself, I am more curious where the market and technology will go now that two “suite” vendors have made acquisitions. If, by orchestrating some sort of challenge between Oracle and Sun to integrate and innovate, I can help move things along, then yes, by all means, consider it a challenge. Maybe the gang at Burton Group can referee this?

How vendors like Sun and Oracle integrate their ERM acquisitions will have a very tangible impact on the future direction of identity management. Both are in a position to unlock the true value of enterprise role management.

The step of integrating ERM in user provisioning is a no brainer, though it will be interesting to see how fast each vendor can do it. What is more interesting is the step beyond that. I started to ruminate on that before… guess we’ll have to wait and see what comes.

In the meantime, it would be great if someone like Kevin Kampman would weigh in on this.

More coverage of Cisco and Securent

I think that Phil’s take on this sits somewhere in between Dave’s cynicism and Eric’s unabashed joy.

I do agree with Dave in that I doubt that this acquisition signals a market consolidation – the entitlement market is too new.  Look at the role management market as an example: it’s been around for a few years, lived longer than most expected, and just now are we seeing consolidation.

Oracle buys LogicalApps: Redux

Lori Rowland has posted an examination of the state of market given Oracle’s acquisition of LogicalApps. Her analysis of the impact of this acquisition to us independent controls management companies mirrors some of my thoughts on the matter. There was one thing that caught my eye. Lori writes:

There are obvious benefits to implementing Oracle and SAP’s controls management solutions to manage the respective environments. Who knows SAP SOD policies or sensitive transactions better than SAP, right?

Maybe not. I posit that the audit community (both internal and external auditors) have a better sense for what constitutes an SoD violation in their business context than ERP vendors do. Clearly, the ERP vendors know, from a functional stand-point, what each transaction and function does in their products. This enables them to build the “well, duh” SoD policies such as “flag everyone with SAP_ALL.” The “well, duh” SoD policies are the just the ante to play in the controls monitoring game. The meaningful, high value SoD policies come from the audit community and their years of lessons learned working across multiple industry verticals globally. It has yet to been if the ERP vendors will truly cater to this community’s needs. It is the greater audit community that Approva has sought to serve since day one and we’ll continue to do so. Viva independence!