30.01.2008 by Martin Kuppinger
One observable trend is that the so-called “Identity Managers”, e.g. the provisioning products, are constantly growing in functionality – and complexity. This isn’t surprising. There is strong competition between vendors, and thus many vendors try to add all the functions which are offered by other vendors. Customers, too, expect very complete products. But there are two things which should make us think about this strategy:
- The increasing complexity: Does it really make sense to create more and more complex products?
- The still existing weaknesses: In many areas there are better solutions available as separate products than are implemented in most or all provisioning products. Have a look at business role management, GRC (Governance, Risk Management, Compliance) functionality, or workflows.
Besides this, there is not just one user group which has to deal with identity management. There are departmental managers who have to do some attestation and invoke workflows. There are the people who act as the interface between IT and the rest of the organization and who, for example, have to deal with the translation of business roles into system roles. There are technical administrators of the connected systems. In other words: There are several levels within the organization which have to be addressed – and there are several technical layers.
I personally don’t believe that more and more complex provisioning products are the best answer for the customer’s requirements. In contrast, a modular approach with defined interfaces and defined responsibilities would suit much better in most cases, especially in the larger companies. For smaller companies, a one-stop-solution might be appropriate. But in that case it has to be one which is pre-configured and easy to use, something which isn’t delivered today.
My expectation is that the market will change, with some vendors offering modular solutions (or just some modules) in a service-oriented architecture and others focusing on the midsize market with integrated products. But today’s approach of putting more and more functionality (business role management, auditing, …) into a technical product will fail, just as yesterday’s “Enterprise Systems Management Frameworks” have failed.
23.01.2008 by Martin Kuppinger
Some days ago I received a press release which stated that in the UK the cost of social networks is around 6,5 GBP – at least a recent study claims it to be that high. Such numbers are always questionable, for sure. What are the real costs of someone maintaining his own social network? Difficult to calculate… But: Even 1 billion would be too much.
There is some value in social networks, especially in business networks. But it is obvious that it takes a lot of time to maintain contacts, find people you know and especially to do this multiple times for different networks. I personally have chosen to limit myself to three networks: Xing, LinkedIn, and StayFriends. And I really hate doing the same work in Xing and LinkedIn. I could easily halve my own “costs” for maintaining social networks if I could easily exchange information between these networks. User-centric IAM approaches applied to social networks thus might cut the costs significantly. One more reason to doubt the future of today’s social networks.
23.01.2008 by Martin Kuppinger
Even though it isn’t real news, having been known for some time, it is an important announcement: Yahoo will support OpenID. Beginning at the end of this month, all 289 million users may use OpenID as an ID to access other OpenID websites as well – like this blog. This is definitely a breakthrough for OpenID as an approach to a universal identifier on the internet. Even though adoption by Yahoo’s users and support for OpenID on other websites will take some time, this announcement is a major step towards the critical mass which is required for broad adoption of any new standard and technology.
And, as an interesting coincidence, I have recently heard some interesting rumors that there will be some major announcements about Microsoft CardSpace/Infocard implementations soon. No more details right now – but it proves the increasing interest in the technologies of user-centric identity management.
It might still take some time after these announcements to achieve the critical mass for broad adoption of both of these technologies. But it is obvious to me that user-centric identity management is close to the predicted success. Thus everyone should think about the implications for himself personally as well as for his business. User-centric identity management is a business technology, with implications going far beyond what most people expect to happen today (how about your corporate internet business card?).
By the way: Between writing and posting this blog entry, Google announced OpenID support as well. Even though it is limited to their blog tool, it seems like OpenID support is starting to become a differentiator between competitors. That’s definitely a good sign for the future of user-centric Identity Management.
09.01.2008 by Martin Kuppinger
I’ve observed an increase in discussion around data leakage prevention – finally. This discussion is overdue, given the fact that data leaks are common in most corporations. Internal documents, e-mails, and blueprints aren’t under control in most cases.
The need for data leakage prevention automatically leads to two topics: Information Rights Management (IRM) and Identity and Access Management (IAM). Both are tightly coupled. Identity Management is about managing the identities. Access Management is about controlling access, but mainly to defined “information silos”. Information Rights Management is about controlling access to information in the flow. But, in fact, IRM is nothing other than a specific form of Access Management – isn’t it?
If you look at Microsoft’s advances in IRM with Windows Server 2008, the central role Identity Management has for IRM becomes obvious. The most important improvement is the integration of Identity Federation and IRM, with the result of Federated Rights Management Services. This isn’t surprising, because IRM requires the knowledge of the users, groups, and roles which shall have access to information. That is easy within an enterprise, but it becomes a quite complex issue in the communication with more or less tightly coupled business partners. Federation is the obvious answer to this.
Thus, IAM and IRM will grow together over time, with IRM as a specific application of IAM. Companies which face the data leakage problem – virtually every company – have to define their strategy for IRM in the context of IAM. This context is necessary because IRM requires reliable identity information and because IRM is just another form of Access Management. And a major topic at our European Identity Conference.
The good news is that this dependency is seen by some vendors as well. The bad news for Data Leakage Prevention is that there are neither standards nor implementations which cover the entire breadth of (electronic) corporate information, e.g. from Microsoft Word to CATIA to Lotus Notes. But the growing demand for solutions might change this over the next two or three years.