ERM and the organization: Kevin’s response

A while back I had commented on consolidation in the role management world.  As I have said before, from product management and marketing perspectives, integrating a role management tool into an existing identity management suite is a no-brainer.  This is not to say that the implementation and deployment are no-brainers as well – so don’t get too excited Greg 😉  What is more interesting is where major vendors like Oracle and Sun will take enterprise roles management.

I had also mentioned that it would be great for Kevin Kampman of Burton to weigh in on the subject, and sure enough, he did.  I am intrigued by his concept of “return on organization.” But to see this return it first requires identity management vendors to share this value proposition with the parts of the enterprise that really care; it forces IdM vendors to sell to “the business.”  Making identity management truly relevant to the entire business has always been one of IdM’s challenges.  Role management does present a new way of taking older topics to a new audience but I wonder if potential customers are ready to hear it.

The Enterprise Role Management Integration Challenge

Nishant, in a light hearted manner, took my post on Sun acquiring Vaau as a bit of a dare. This is how I responded to his comment:

Since I don’t believe that ERM is an end in and of itself, I am more curious where the market and technology will go now that two “suite” vendors have made acquisitions. If, by orchestrating some sort of challenge between Oracle and Sun to integrate and innovate, I can help move things along, then yes, by all means, consider it a challenge. Maybe the gang at Burton Group can referee this?

How vendors like Sun and Oracle integrate their ERM acquisitions will have a very tangible impact on the future direction of identity management. Both are in a position to unlock the true value of enterprise role management.

The step of integrating ERM in user provisioning is a no brainer, though it will be interesting to see how fast each vendor can do it. What is more interesting is the step beyond that. I started to ruminate on that before… guess we’ll have to wait and see what comes.

In the meantime, it would be great if someone like Kevin Kampman would weigh in on this.

The ERM World is Getting Smaller: Sun to acquire Vaau

A second enterprise roles management company has been acquired.  Sun has announced intent to buy Vaau.  Congrats to Sachin, Steve Tiches, and the rest of the gang at Vaau.  You are definitely joining a great team.

It will interesting to see how fast Sun can tie Vaau’s various components to their existing suite.  I have to imagine that what was Identity Auditor, now part of Identity Manager, will be replaced entirely by Vaau’s identity audit capability.  Comparing Sun’s time to integrate Vaau to Oracle’s time to integrate Bridgestream ought to be interesting as well.

DIDW: Sun’s deployment of Sun Identity Manager

I love customer deployment stories.  I especially love hearing about vendors deploying their own products.  In this case, Sun and Deloitte were talking about deploying Sun Identity Manager internally at Sun.

They covered the usual tips for a successful deployment:

  • Involve the business
  • Planning makes all the difference
  • Don’t bite off more than you can chew

Pretty standard stuff that always bear repeating.
There were some very interesting other observations:

  • For complex systems, like ERP, get the vendor involved in the provisioning project
  • Plan for testing early in the project
  • Plan for sustaining the deployment, turning it from a project to a program early in the project

The idea of getting the complex system vendor involved in the provisioning project strikes me as both novel and extremely effective. The nuances of complex systems like ERP and mainframe security can bedevil a provisioning project.  Might as well go to the experts early.

Their last point on planning for sustaining the project echoes a point the Phil Becker and I made last year on identity management as a lifestyle and not a project.  You’re going to live with you decision for a lot longer than you probably expect.  You have to plan on how to sustain the deployment and turn it into a key thread in the fabric of business services the organization relies upon.

Deloitte speaking across all of their deployments, not just Sun’s, had some interesting observations as well:

  • Half of all identity management deployments end up as shelf-ware (I think I hear Bill Malik chuckling somewhere)
  • The true return on investment is not in the technology but in the re-engineering of process

A common misconception is that deploying a user provisioning product requires a massive process re-engineering effort.  That is not strictly true.  Mature provisioning products these days can accommodate most business processes, no matter how arcane.  That being said, deploying provisioning certainly encourages process re-engineering.  The deployment gives an organization an excuse to examine what it does and how it does.  “Do we really need five approvers just to give someone email and why do we have to fill these forms out to do so?”

So far, DIDW has not disappointed.