Will IBM change the way we do PAM (or PIM or PUM)?

22.12.2009 by Martin Kuppinger

I’ve blogged several times about PAM (Privileged Account/Access Management) in the last few months, stating that I expect more integration of PAM with existing IAM applications (Here, here, here, and here). Now IBM is moving forward on this with their PIM offering. It’s interesting to observe what IBM is doing these days. There hadn’t been that many news from IBM for a pretty long time. But this year IBM has increased its speed significantly. The release of TIM 5.1 with many significant improvements, their approaches around risk and compliance with tight integration to TIM as well as other IBM products, and some other news prove that IBM is back on track and should be rated amongst the leading vendors in the broader IAM space again – with some interesting visions and strategies, becoming a trendsetter in some areas.

Amongst them is their PIM approach. IBM isn’t new in that market. Their TAMOS (Tivoli Access Manager for Operating Systems) products is out for many years. But right now, they are building a solution which is tightly integrated with TIM and TAM E-SSO (Tivoli Access Manager Enterprise Single Sign-On). Shared IDs can be provisioned by TIM and TIM as well manages pools of shared IDs. TAM E-SSO checks out/in shared IDs when accessing apps. Thus, IBM drives the tight integration of provisioning, E-SSO, and PAM which definitely makes sense. However, the integration is currently within the IBM world of IAM apps, not beyond. Anyhow, this is an interesting approach and IBM is currently leading this trend.

The solution is currently deployed as IBM Global Strategic Solution, e.g. bei IBM Global Services to selected customers, thus at the first stage to general availability. But for existing IBM customers (TIM, TAM E-SSO) it is definitely worth to talk with IBM about that.

An interesting question in this context is whether this will affect the overall PAM market. First of all, it confirms what I’ve described earlier in my blogs: There will be a convergence of PAM with provisioning and other IAM solutions. And with more vendors providing such integrations (some are providing some integration or are working on that), customers are likely to pick the “integrated PAM”. However, there is no doubt that at that point of time the PAM specialists in most cases have more feature-rich offerings, which might complement even these integrated PAM approaches or replace them in case that specific features are required. Thus, there will be a “stand-alone” PAM market for the foreseeable time. On the other hand I expect more acquisitions of PAM specialists to happen given that the larger vendors might want to speed-up the development of their integrated PAM offerings by acquiring a product and integrating it. Another point to mention: IBM’s approach shows that PAM is moving out of a niche towards a mainstream IAM market segment.

For now, it is to me to wish you all a MERRY CHRISTMAS and a HAPPY NEW YEAR!

And don’t miss EIC 2010 and Cloud 2010 next year! Hope to see you there and to discuss some of my thoughts with you in person.

The simple cloud API – a step forward?

09.12.2009 by Martin Kuppinger

Some few weeks ago, the “Simple Cloud API” has been announced. The company behind this is Zend technologies, which calls itself “The PHP Company”. More important is the fact that Microsoft and IBM are amongst the supporters of Simple Cloud API. That means that there is a significant momentum behind that approach from the very beginning.

One could argue that this is just another standard or API besides so many approaches we’ve seen recently. However, the Simple Cloud API is somewhat unique for some reasons:

  • It is focused on PHP. You may like PHP or not but it is an important language for web development.
  • It is currently focused on the infrastructure layer, with (at the beginning) support for file services, document services, and simple queueing. That might change over time, but it adds to the mainly management-oriented standard approaches which dominate the emerging cloud standards.
  • It is usable. It is not a XML-based protocol but really an API which interfaces with existing services. Ready to use from the beginning – look here. However, it is under development so some things might change.

The approach of the Simple Cloud API is simple: A PHP API and adapters to existing services, including the ones of Amazon EC2 and Windows Azure.

Thus the Simple Cloud API is not only simple but close to be ready-to-use (close to because it still is under development). But it is definitely worth to have a look at.

Posted in Cloud | 1 comment

Vendors – lemmings or another species?

02.12.2009 by Martin Kuppinger

I had several interesting discussion with some vendors about the future of some market segments in the IAM market. And when I look at these markets (and many other IT markets, including the emerging cloud market) one thing becomes obvious: Established vendors tend to act as sort of lemmings. What do I mean by that? There is an idea that appears to be successful for one vendor. Then other vendors tend to follow without really analyzing whether this is really the best approach. They frequently claim that their customers are requesting that type of solutions. But: Their customers are frequently just looking at different solutions which are available at that point and pick features which are available. Once they have the tool in production, they might ask for additional features. But customers don’t tend to invite the products they might need for being successful for the next years.

This customer focus (most product management is focused on customers only, with some competitive analysis) is important – no doubt about. But there are some threats:

  • It is hard to create an USP when being sort of a follower to the market. OK – larger vendors might rely on their sales strength but that doesn’t always work.
  • Building products and product architectures for what is common might lead into dead rows. Changing that, either by acquisitions and their integration or re-architecting products,┬áis expensive.

Overall I strongly recommend that vendors add the look beyond the current state and the obvious next steps. Some of the more innovative features might require significant changes to the product, thus development has to start early. Besides: Adding this view to your roadmap neither hinders you in developing mainly for the features which are requested today by customers nor is it really expensive – some few days of workshops with thought leaders and the creative guys within the vendors will probably lead to a big step forward towards this.

But until now, there are more lemmings than other species. Or, to stay within another comparison from a management book I’ve read years ago (“Dolphin strategies”, I can’t remember the author – sorry): There are more sharks than dolphins. The author divided the business people into three categories:

  • Sharks: Aggressive, trying to make their own way with elbows out.
  • Carps: Doing there job at the minimum level, nothing else.
  • Dolphins: Jumping out of the water, trying to detect new horizons (and, by the way, very willing to kill the holy cows of other people – I liked that…).

And dolphins are what is needed to detect new horizons, with some carps making things real and the sharks selling it. But lemmings seem to avoid dolphins, for some reason.

Posted in IAM market | Comments Off
© 2015 Martin Kuppinger, KuppingerCole