A Few Thoughts After the Gartner Identity and Access Management Summit
Last week, I attended the Gartner Identity and Access Management Summit in Las Vegas with Entrust product manager Dave Mahdi. The event was much larger than last year’s and, based on a show of hands, the majority were first-time attendees. We were among that group, though I did go to their Security and Risk Management Summit in June.
By comparison, these are two very different events. There were some similar discussions that were held at each, but this event was all about identity and access management (IAM). One thing was abundantly clear though throughout the event, IAM is changing and changing fast. Mobile and cloud are leading IAM to new areas and driving resurgence in the need for IAM technology.
Analytics, intelligence and monitoring were discussed, but this was specific to mature organizations that are fine-tuning their current solution. I heard several times that there is a need for the basics of identity and access management and a newer approach that doesn’t attempt to “boil the ocean.”
Several approaches are coming out as clear winners: federation, governance and SAML, to name a few. Federation is winning out over enterprise single sign-on, Web access management, reduced sign-on and externalized authorization.
Federation, however, is undergoing a change. As more services and applications move to cloud-based offerings, the delivery of federation is changing to accommodate and vendors must adjust strategies to meet these new needs.
Governance is top of mind for many organizations and the features around the products addressing this are becoming much more robust. In fact, Gartner is combining the User Provisioning and Administration Magic Quadrant with the Identity and Access Governance Magic Quadrant.
The new report’s title is still in the works, but based on preliminary discussions it sounds like governance is taking the lead. For identity assertion protocols, SAML is the clear winner; however, Open ID Connect and OAuth 2.0 are more suited for mobile and will begin to see increasing traction over the coming years.
It was made clear that OAuth 2.0 has a large user base (around one billion), primarily all in the consumer space (e.g., Xbox Live, Twitter, etc.). We’ll see how they progress in the enterprise/corporate space. However, the lightweight nature of the two protocols will also help drive adoption as the preference shifts toward REST and JSON away from XML-based standards.
The market is in flux, as mobile and cloud continue to drive initiatives, technology vendors will move to serve those needs. These moves will likely focus to better suit end user needs. As an employee of an identity-security vendor, it is good to hear that user experience is crucial and imperative. As an end-user, I like to hear this; if the user experience isn’t intrusive or cumbersome, I am happy to take an extra minute to help keep my identity safe. This has always been important but the need is being exacerbated in the mobile age, think what happened with Mat Honan
One thing is for certain, the market will be very different in five years. Just think about the technology five years ago, who was anticipating iPads, Windows 8, Salesforce.com or Amazon Web Service? Fine, there were probably a few but those are the ones pushing advances. Just imagine what holiday presents your kids will want in five years. Probably not an IAM suite, but you get the point.