As we hit the mid-point of 2009, Corporate America has not yet rebounded from the recent tough economical environment. Shrinking budgets, tightened spending, resource cuts - Logic Trends has witnessed these same spending trends regardless of the type of industry. We believe these trends will likely continue into 2010. Therefore, creativity and flexibility are cornerstones of IT spending for the foreseeable future.
Interestingly enough, the requirements, however, have not changed. Organizations must increase security, increase regulatory compliance, and optimize IT workloads – All with less or a more multipurpose IT staff. It is also important to understand that these challenges / requirements are common regardless of the size of the organization. In reality, it is even more important today to truly understand who has access to what and how to manage and report on that access effectively, but with increased fiscal constraints.
Let’s face it – deploying an IAM system, as it exists today, is costly and time consuming. Organizations need to invest in analysis and requirements-related work, vendor evaluations, proof of concepts, hardware and software spend, prototyping, development and integration services, internal resource training, and enterprise communications and marketing costs. Given the amount of required investment, IAM deployments rarely show high Return on Investment (ROI) until a number of years after the initial deployment. Logic Trends has developed its IAM5 Methodology for the purpose of being able to somewhat forecast and lessen the costs and risks associated with these deployments, but not even a mature methodology will offer enough immediate return for some organizations (especially the small to medium-sized business).
This is where Software as a Service (SaaS) or Cloud Computing comes into play. These concepts haven’t become a reality in the IAM space specifically yet, but as the major IAM vendors look for new ways to grow business and offer IAM solutions to increasingly diverse clients, these concepts will become much more important. If you are not familiar with Cloud Computing or SaaS please view the following for more information:
http://csrc.nist.gov/groups/SNS/cloud-computing/
or
http://en.wikipedia.org/wiki/Cloud_computing
Where does IAM fit into the Cloud?
Simply put, IAM concepts fit very nicely into the cloud. Think about the basic components of any IAM deployment – first, you have the business processes that any technology-based solution must support, and second you have an application server, a web server, a database, and a user repository. In addition, there could be provisioning connectors, additional databases/data stores, multiple directory domains, target systems, and other third-party tools.
Now think about the basic components that could make up a “cloud”:
Storage networks
Servers
Zones/partitions
Load balancers
Network components
Technology Stack
The intriguing bullet on that list is the “Technology Stack”. The Technology Stack includes application servers, web servers, caches, databases, etc; all the components necessary to deploy an IAM system internally today. One of the main benefits of deploying an application in that stack is that once the IAM software and necessary development/configurations/customizations (including connectors) has taken place, the risks associated with availability, scalability, and maintenance are absorbed by the vendor managing the cloud. For organizations already on tight budgets, this could provide reductions in costs associated with storage, daily maintenance, and training administrators, and end users.
Additionally, there is potential in separating the various modules that make up an IAM solution into individual SaaS solutions. One of the most commonly discussed modules is authentication. Authentication, especially web or enterprise SSO, remains one of the hardest IAM functionalities to deploy and manage properly. How would organizations respond if they could simply point toward the cloud, have users enter their credentials via whatever authentication service, have the secure token services layer handle any authentication conversion, and the user is granted access to whatever applications are managed in the cloud? Couple that with a federation model and the possibilities could be endless.
Finally, showing the cloud’s true potential and versatility, Joe McKendrick of ZDNet recently wrote an article about the cloud’s flexibility and introduced an interesting idea from George Ravich, Chief Marketing Officer of Fundtech – Services, in general, could be offered like songs on iTunes. We can take it one step farther with IAM. Although there would most likely be legal hurdles to overcome, a publically available, iTunes-like program would allow various IAM vendors to offer IAM applications/modules for organizations to download, IAM workflows/frameworks/connectors for purchase and modification, third-party integration firms and developers could offer their services and expertise, and a community could be established for organizations to discuss product improvements and challenges.
Deploying an IAM solution in the cloud conceptually makes sense from both a technical and business perspective. Its benefits are many, the technology already exists for other industries, and in the current economic climate the demand is present. However, we are still some time away from rapid adaptation. There are still some risks that need to be overcome by both the consumer organization and the service providers – how to overcome the issue of data localization, how to restructure licenses, how to design their own architecture to be flexible enough, how to provide privacy, governance, and assurance in the cloud and the legalities and how-to’s related to managing third party tools…all of which are rather large hurdles.
Despite the challenges, IAM as a SaaS/cloud offering is definitely on the horizon as we’re already seeing glimpses of progress. Hitachi ID Systems recently launched an outsourced IdM Administrator service offering for its password management product (Password Manager), Sun and Oracle are authoring white papers involving cloud computing/SaaS and its possibilities, and with the focus Microsoft has been putting on its cloud computing offering called Azure Services Platform (allows an organization’s applications to be hosted and new applications to be built in various languages), the future for IAM will soon be the present.
Come back for the next blog where we will dive into the technical side of common use cases that could be supported by IAM in the cloud.
Thursday, July 23, 2009
Friday, June 12, 2009
Trade Association Enhances Security, Cuts Credential Management Work by 75 Percent
Check out the new Case Study for The National Rural Electric Cooperative Association (NRECA) on Microsoft's Web Site. There are significant business metrics to validate the benefits of an Identity and Access Management project, with a focus on operational efficiency and compliance readiness.
One quote:
"Our user lifecycle management processes were driven by a series of human interfaces and processes, electronic messages and forms, and custom scripting," Condello explains. "These processes were well understood but injected a significant number of 'touch points' for Human Resources administrators and security personnel. We wanted to automate many of our credential management chores and standardize the scripting elements into a common server/services interface. This would free up staff time to strengthen our enterprise security infrastructure."
Blogger: Logic Trends Blogger
One quote:
"Our user lifecycle management processes were driven by a series of human interfaces and processes, electronic messages and forms, and custom scripting," Condello explains. "These processes were well understood but injected a significant number of 'touch points' for Human Resources administrators and security personnel. We wanted to automate many of our credential management chores and standardize the scripting elements into a common server/services interface. This would free up staff time to strengthen our enterprise security infrastructure."
Blogger: Logic Trends Blogger
Monday, June 1, 2009
Developing and Executing on a Healthcare IAM Strategy: Webcast
Healthcare providers have identified that Identity & Access Management (IAM) is core to their enterprise security strategy and their overall business strategy. As evidenced by recent analyst research, IAM within healthcare providers plays an important role in achieving many key business goals, including: (i) simplified end user experiences, (ii) streamlining user management processes and (iii) regulatory compliance sustainability.
Providers, Payers and Patients agree that enhanced security and management of access is a need, and the goals are clear, but many questions still remain. For example:
- Where do I start?
- How do I build a strategy and roadmap?
- How do communicate and sell the value within my organization?
- How do I build a business case, and show real ROI?
- How much will this program cost?
- What technology do I pick?
The Logic Trends IAM5 Workshop engagement has consistently and continually provided answers to these questions, and more, for the last five years. Most recently, CaroMont Health engaged Logic Trends to help determine their IAM strategy, establish project justification, narrow the technology vendor options and set a roadmap for solution deployment.
Listen to the Webcast for yourself, as the bottom line value clearly stated by the CIO was: “In Two Days we felt like we jumped forward Six Months, ” Mike Johnson, CIO.
Blogger: Andrew Ames, VP Sales and Marketing for Logic Trends
Subscribe to:
Posts (Atom)