The ERP for IT

05.10.2007 by Martin Kuppinger

During an analyst briefing I had some days ago with a leading vendor in the BSM space around the role Identity Management plays for BSM (which is quite important, given the fact that all leading BSM vendors are IAM vendors and that IAM plays a significant role within ITILv3) we came to the conclusion that there is no ERP for IT. There are specific ERP solutions for Finance, Customer Relationship Management, Product Lifecycle Management, and so on. But there is nothing for IT. That automatically led to the question whether BSM might fill this gap.

The discussion also was sort of a reminder to another talk I had some months ago with the CIO of one of the German DAX companies. His vision is about an IT with clear knowledge on its costs thus being able to predict the TCO (and not only development costs or an initial investment into infrastructure) of new “Business Services” IT delivers. These services might be applications or infrastructure services. He’d like to be able to predict the cost per user, the cost per use of a specific service or whatever you want. This ability would be the basis for a factual discussion about IT services and a granular accounting and might even lead to an IT department which is sort of a business centre (like an Outsourcer) and not only a cost centre.

Both discussions are around the way IT acts, about the role of Business Service Management and, in fact, about ERP for IT. The BSM approach which is required for that type of solution will go well beyond todays infrastructure focus. BSM itself is much broader than the IT infrastructure service focus of ITIL. But for that approach it will have to include much more functionality around application and service (in the sense of web services) management, something which isn’t covered that much by most BSM vendors today.

I personally believe that sort of an ERP for IT will be very interesting, proofing the fact that IT is today an important enabler for business and not just a technology department which burns money. The question is whether it will really be some of the large BSM vendors who deliver that new type of application or whether the ERP vendors will be the ones. I’ll wait and see.

You might ask yourself what this has to do with IAM (Identity and Access Management), my core topic. Well, first of all IAM is not my only topic. BSM is one which becomes more and more important for KCP due to the relationship to IAM – and one I’m doing research for quite a long time now. Besides this, there is another ERP for IT thing I’m currently thinking about. May be I’d better call it EIP for “Enterprise Information Planning” but it’s about enterprise control of information, the next real big step in IAM. I’ll cover this in one of my next blogs.

Posted in Business Service Management, SOA | 15 comments

Identity services – easier software audits

27.09.2007 by Martin Kuppinger

In the last week I had several conversations with different IT vendors and end users which led to a discussion about the value of identity services within a service-oriented architecture. The IT companies came from different market segments. One example is E2E, a swiss company which develops a tool for model-driven architecture and the resulting applications. They have started defining such identity (and other security) services within their models. Other persons I spoke with came for example from the BSM (Business Service Management) space.

The well-known business values for identity services within a SOA concept are mainly the ability to not only build business processes but to build secure business processes and the reduced development costs. The latter is true because it is more efficient to use pre-defined services instead of reinventing the wheel of security for every single application (and, to note, to reinvent something which usually has five edges instead of being round…).

Another point is that there usually won’t be “compliant” applications without a set of pre-defined identity services – the alternative often is to code at least some aspects of security, even in applications which were developed with the SOA concept in mind.

That leads to one other real big advantage of identity services: They make software audits much easier – and thus avoid some of the struggles you often observe between the security guys and the application developers. With a consistent service-oriented approach and the use of pre-defined identity services, software audits become much easier. You only have to audit a version of a service once. Afterwards, it’s only about analyzing the “orchestrated” application models and the additional code. When security is delivered through services, you have much less to worry about when doing software audits. Besides, the audit of changes becomes much easier – you have to either analyze the changes in services or in the applications itself. By the way: The more these applications are really model-based and orchestrated and the less custom, application-specific code there is, the easier are software audits.

The guys from E2E told me that in some case they could reduce the time for a software audit from 4 weeks to some 36 hours. Even while the effect isn’t necessarily that big – there is a clear, positive effect. And it is an effect in terms of money, in terms of time and, given this, sometimes even in time to market. May be the biggest effect is that identity services makes you the developer’s best friend through reducing the pain of software audits.

Posted in Identity Services, SOA | No comments

« Newer posts

top

Services


	Categories Access Governance Access Management Application Security Infrastructure APT Attestation BSM market Business Service Management BYOD CIO agenda Cloud Context based authorization Data leakage prevention Database Security Directory Services Dynamic Authorization Management eGovernment eID cards/ePassports Endpoint Security Enterprise Entitlements Enterprise Systems Federation GRC IAM market IAM vision Identity 2.0 Identity Fraud Identity Management Identity Services Information Rights Management Information Security IT accounting IT Business Alignment IT Service Management IT strategy License and contract management Managed Services Mobile Security Network Access Protection Personalization Privacy Privileged Account Management Provisioning Risk Management Role Management SaaS SAP Security Single Sign-on Smart Grid SOA Social networks Software Architecture Strong authentication System lifecycle management Uncategorized User Centric IAM Versatile authentication Virtual Directory Services Virtualization VRM Archives January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 Blogroll Audit Trail (Approva) Beteo Blog Bob Griffin, RSA Doubleslash Blog Kim Cameron’s Identity Blog Marcus Lasance's blog Matt Flynn’s Identity Blog Norman Marks of SAP BO GRC

Subscription


	Enter your email address: Delivered by FeedBurner

© 2012 Martin Kuppinger, KuppingerCole