I gave a presentation to a local Identity Management user group recently and instead of speaking about the standard I decided to take a different angle. The presentation I wrote was more from the viewpoint as a customer/user of IdM rather than an industry expert. The frustrations that I have begun to have over the past year is from the Identity Management vendors and their messaging around what constitutes Identity Management and what is Federated Identity. For people like me, with extensive “legacy” identity management, the focus has been identity lifecycle management which includes extensive provisioning, workflows and governance. However, the IDaaS (Identity As A Service) movement are focusing more on centralized, cloud based authentication processes and less identity profiles, provisioning and very little governance within the solutions. This is a step backwards from a single solution that covers most of what you need. The industry thinking now is that you don’t have to have an enterprise solution but if you need an enterprise solution you cannot get it from the new IDaaS directions but complemented by multiple solutions. Provisioning, governance, workflow, authentication now pieced together, based on standards, to create your solution.
This is not necessarily a bad thing. This does give more freedom to swap out point solutions more freely but my point is that you need to look beyond the brochure buzzwords and don’t get sucked in to the perception that just because has Identity Management on the box that you are going to get a fully functioning identity lifecycle management solution. You may end up inadvertently creating more work for you or overselling a project and short your self requirements. Just my opinion from the inside looking out, but you can’t deny the marketing messaging meant to sell.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.