More coverage of Cisco and Securent

I think that Phil’s take on this sits somewhere in between Dave’s cynicism and Eric’s unabashed joy.

I do agree with Dave in that I doubt that this acquisition signals a market consolidation – the entitlement market is too new.  Look at the role management market as an example: it’s been around for a few years, lived longer than most expected, and just now are we seeing consolidation.

Identity Management and Photography

I love shooting without a flash. So does Bob and he just published a good public service announcement for shooting without using a flash. (I do like that second shot of Mike a lot.)

There are a bunch of people in the greater identity management world who would consider themselves amateur photographers. I wonder if there is commonality of photography and IdM that practitioners of both find compelling.

From a content perspective, the aspects of a picture I take that I really like are, in some sense, a reflection of me. Maybe this photo/IdM thing comes back to relationships. We are looking for ourselves in our subjects.


Your network ate my fine-grained auth engine: Cisco to acquire Securent

Cisco has announced it has agreed to acquire Securent. First, of congrats to my friends there. Well done.

Second, I have to wonder about this one. It makes a form of sense to integrate Securent into SONA. That makes sense… at some point. I wonder how baked the addressable market is for fine-grained authorization capabilities managed from the network through the application stack. Abstracting routing tables to business processes and objects is definitely an interesting one, but when does it really transition from an interesting academic exercise into a Cisco-sized market?

Third, Andras Cser over at Forrester writes:

Given the fact that enterprises are increasingly looking for integrated IAM stacks, the entry of Cisco into the entitlement management market will require a clear strategy of becoming a provider of IAM solutions either through organic growth or by acquisition.

If Cisco is really getting into the IAM market, they picked a bit of an unusual beachhead. Entitlement management and fine-grained auth are emerging submarkets within IAM; they are important, but are significantly smaller markets than web access management, enterprise single sign-on, user provisioning, etc. If Cisco is that serious about tackling this market, it seems to me they would have started with a more mainstream, mature area.

DIDW: Sun’s deployment of Sun Identity Manager

I love customer deployment stories.  I especially love hearing about vendors deploying their own products.  In this case, Sun and Deloitte were talking about deploying Sun Identity Manager internally at Sun.

They covered the usual tips for a successful deployment:

  • Involve the business
  • Planning makes all the difference
  • Don’t bite off more than you can chew

Pretty standard stuff that always bear repeating.
There were some very interesting other observations:

  • For complex systems, like ERP, get the vendor involved in the provisioning project
  • Plan for testing early in the project
  • Plan for sustaining the deployment, turning it from a project to a program early in the project

The idea of getting the complex system vendor involved in the provisioning project strikes me as both novel and extremely effective. The nuances of complex systems like ERP and mainframe security can bedevil a provisioning project.  Might as well go to the experts early.

Their last point on planning for sustaining the project echoes a point the Phil Becker and I made last year on identity management as a lifestyle and not a project.  You’re going to live with you decision for a lot longer than you probably expect.  You have to plan on how to sustain the deployment and turn it into a key thread in the fabric of business services the organization relies upon.

Deloitte speaking across all of their deployments, not just Sun’s, had some interesting observations as well:

  • Half of all identity management deployments end up as shelf-ware (I think I hear Bill Malik chuckling somewhere)
  • The true return on investment is not in the technology but in the re-engineering of process

A common misconception is that deploying a user provisioning product requires a massive process re-engineering effort.  That is not strictly true.  Mature provisioning products these days can accommodate most business processes, no matter how arcane.  That being said, deploying provisioning certainly encourages process re-engineering.  The deployment gives an organization an excuse to examine what it does and how it does.  “Do we really need five approvers just to give someone email and why do we have to fill these forms out to do so?”

So far, DIDW has not disappointed.