I do agree with Dave in that I doubt that this acquisition signals a market consolidation – the entitlement market is too new. Look at the role management market as an example: it’s been around for a few years, lived longer than most expected, and just now are we seeing consolidation.
I love customer deployment stories. I especially love hearing about vendors deploying their own products. In this case, Sun and Deloitte were talking about deploying Sun Identity Manager internally at Sun.
They covered the usual tips for a successful deployment:
- Involve the business
- Planning makes all the difference
- Don’t bite off more than you can chew
Pretty standard stuff that always bear repeating.
There were some very interesting other observations:
- For complex systems, like ERP, get the vendor involved in the provisioning project
- Plan for testing early in the project
- Plan for sustaining the deployment, turning it from a project to a program early in the project
The idea of getting the complex system vendor involved in the provisioning project strikes me as both novel and extremely effective. The nuances of complex systems like ERP and mainframe security can bedevil a provisioning project. Might as well go to the experts early.
Their last point on planning for sustaining the project echoes a point the Phil Becker and I made last year on identity management as a lifestyle and not a project. You’re going to live with you decision for a lot longer than you probably expect. You have to plan on how to sustain the deployment and turn it into a key thread in the fabric of business services the organization relies upon.
Deloitte speaking across all of their deployments, not just Sun’s, had some interesting observations as well:
- Half of all identity management deployments end up as shelf-ware (I think I hear Bill Malik chuckling somewhere)
- The true return on investment is not in the technology but in the re-engineering of process
A common misconception is that deploying a user provisioning product requires a massive process re-engineering effort. That is not strictly true. Mature provisioning products these days can accommodate most business processes, no matter how arcane. That being said, deploying provisioning certainly encourages process re-engineering. The deployment gives an organization an excuse to examine what it does and how it does. “Do we really need five approvers just to give someone email and why do we have to fill these forms out to do so?”
So far, DIDW has not disappointed.
It’s day one of Digital ID World 2007. This is my third or fourth trip to DIDW. This ever-growing event always impresses with the level and quality of conversation. During the keynotes this morning, I got a glimpse of something small and to me something quite telling. I saw Phil Becker and Eric Norlin, the brains and brawn (I’ll let you figure out which one is which), sitting on the floor off to the side of the packed meeting room. These guys have always put the emphasis on hearing real world deployment stories and in doing so have always elevated their audiences to active participants. To see the heads of the conference sitting on the floor to allow more attendees to have a place to sit is, to me at least, a sign of their character – totally legit.
The final installment of my series on compliant provisioning is up on Audit Trail.
For those of you headed to Digital ID World, let me know and we can catch up. (I’m looking at you members of the Mark MacAuley supper club.)