Well, the time between the years (usually today referring to the days after Christmas until New Years Eve – but did you know these were historically the twelve days between December 24th and January 6th which served to align lunar and solar calender years? But I am getting too much off-topic…) is used to reflect about the year passed. There are a few things and events that absolutely impressed me in 2011, which I like to talk about a litte!
First, there was the spring event European Identity Conference (EIC – www.id-conf.com) which had a great impact from my personal point of view. I never had so many interviews, briefings, talks and sessions to host in that short amount of time. But instead of feeling exhausted and depleted when finally traveling home that Friday, I felt energized, motivated and inspired! So many interesting people to talk to, so many vibrant sessions and panel discussions to follow – and a really delicious catering all the time!
Second, the autumn event IT Security Area (www.it-sa.de) in Nuremberg. A tradefair by design, it was also packed with a decent conference framework programme and the three official stages in the exhibition area had a rather impressive set of security speakers such as Prof. Taher el-Gamal, Martin Schallbruch of the State Department or Horst Flätgen of Federal Office of IT Security. Though spanning a much larger scope than EIC, Identity Management and Privacy Protecting Technologies were key topics discussed.
Finally, there was one vendor event which really impressed me a lot. Being a former CA, Microsoft and Siemens employee, I do know what large corporations are able to pull off regarding trade-fairs and exhibitions as well as “in-house events”. But comparing a Microsoft booth at Cebit, a CA InExchange or similar events just did not do well. Ok, Microsoft TechEd, SAP SAPPHIRE and CA World are all a close call. But Oracle OpenWorld in San Francisco this year was by far the most exciting and entertaining event!
Let me give you a little impression of the breadth of topics that I (as an Identity, Privacy & Security Analyst) was confronted with:
- Big Data
- Cloud Services
- Database Management (doh!)
- Secure Programming Guides and Secure Development Programmes
- Hardware and the opportunities of full HW/MW/SW Stacks (see? I did not use “advantage”!)
- Bring Your Own Device (yeah, many Oracle people had personal “i”-devices with them!)
and many more!
Ok, the topics I can really give an insight on where the following:
It really looks like Oracle assimilated the Sun Hardware Business – the racks could be seen all over the space in San Francisco at Oracle Open World. Of more interest to me, was how they would present their integration efforts in the IAM space, as they had also acquired a large amount of Intellectual Properties and code around role-mining and attestation from SUN.
Sadly, they did not really make that a topic but continued to refer to their „suite“, which from my point of view still lacks some deep-end integration regarding the OIA (Oracle Identity Analytics). At least it looks like the 12g releases will deliver on that. I meet with some happy customers though, who had deployed this „component“ of the suite and they were all boasting how easy it was to setup and how they could impress their management with quick-wins. Well, that was always „inside“ the products core, which I had the honor to work with during previous engagements. What I felt was missing a bit, is to stress the actual „power of the suite“: if you deploy OIA for analysis and re-certification (attestation), it is (or at least should be) a natural choice to have that co-deployed with OIM and get all the changes delivered automatically. There is Integration, and Oracle worked a lot on that behind the scenes. But there is still some way to go, for example by having one workflow system instead of two for OIA and OIM – again something that is said to become available with 12g.
Another point that needs to be addressed with the suite offering is a much more customer centric approach of visualizing which component can help with which problem – a simple mapping would suffice! That would also help their field engineers and pre-sales staff which sometimes appear a little uncertain about which component to use when and about the dependencies of components.
So, it is nice to hear about deeper integration of the Fusion middleware component areas and how they work to together to make our life more enjoyable, but having some clear communication about “what fits where” in the IAM arena alone would help them a lot. Once the components (and please do not rename them again) went through that “matchmaking” from a marketing/sales perspective, everyone could better draw the lines and delimit what functionality comes with which component and how to combine elements to receive the expected functionality.
The last issue about selling an IAM suite I was curious about still remains unsolved: what to do if customers already have some components in place and will not want to migrate those? Selling a suite into a large organization may be like dumping a large black monolith into their IT. Having the components sharply delimited but at the same time tightly integrated is a key requirement for the vendor to successfully sell the suite. Keeping open interfaces and providing the customer the freedom of choice for selecting a competitive component for – let us say provisioning – is a key for customer success with their IT-landscape integration. While these goals seem to be contradictive at first, they become the same if you live up to your own pledge to support open and well documented standards and interfaces. As soon as all components of a suite support the same set of standards and interfaces, they are clearly delimited (hopefully) and can be mixed and combined to better match the actual requirements customers have. The big black monolith referred to above, then converts into a nice set up easy-to-connect Lego® bricks that enable customers to build their own suite. Given that the Oracle IAM suite in fact consists of many building blocks and that Oracle has a clear vision for (and is delivering on) a service-oriented approach to consume IAM services – the Oracle Service Oriented Security – they are well positioned to tell a much stronger story here than they sometimes do.
The real Cloud – now available at Oracle (and only there!?)
According to the first entertaining minutes of Oracle CEO Larry Ellison´s keynote at Oracle Open World, Oracle is now the only vendor to offer a real cloud – whatever that is supposed to mean. At least Hasan Rivzi elaborated a little more of the details how to register, pick services, select the payment plan (!) and then get the service created and defined. I am so happy about that update, as Larry rather concentrated on bashing that certain other Cloud vendor, whose CEO-keynote had been “postponed” the day before. At least in Germany, bashing the Co-Opetition is not considered good business conduct. At least not if you continue to brag over 90 minutes how much their services are inferior to your own (which have not even materialized yet). Well, as mentioned, Hasan explained in more detail how PaaS and IaaS offerings will be shaped and differentiated from the competition. A big focus will be on Java-based offerings, but my main points of interest were that key things like “Complete Isolation” of the different environments, SSO for the applications created, Centralized User Management with Delegated Administration for all of the above as well as Identity Federation between internal and Cloud Applications. That will be accompanied by “caging” resources and dedicated virtual machines per client, to keep the customers more secluded and to avoid “leaking” of data between environments. Another nice point to add: Data Integration is supposed to make moving data to the Cloud and back from the Cloud to your internal apps easier. Still unclear how that will actually work out, though.
I will return this year to see how the Suite approach was refined and how my (and some highly respected analyst folks) advice was used to push the capabilities of existing modules!