2010 #GartnerIAM – the rise of identity intelligence
If you attended Gartner’s IAM Summit in San Diego last week, you may have a few lumps on your head. They’re from being beaten over the head with the identity intelligence stick. Earl Perkins led a charge up the slope of business importance for identity management that hopes to secure it a place in the highest levels of business intelligence and decision support. I’m all for it. One thing that was said on stage more than once was that if the IAM professionals of the world keep concentrating their efforts on plumbing like provisioning connectors they are going to be out of a job as vendors make those bits of pipe commodity. A bit melodramatic, but not entirely untrue. But what didn’t float down from the high minded discussion on stage was a clear set of examples for this identity intelligence. Even in the final session of the conference’s second day, the audience was asking in several forms for the panel of analysts to give some clear use cases. And in the very last session folks commented that they felt like most of this intelligence stuff was too high minded to use in practice. Of course, it’s not really fair to ask for all that. Partly because it’s not the place of the analysts to put things into a final form and partially because it breaks their business model to give you the whole picture in the conference. The conference is that start of a process they would like to draw you into – a process the people who can’t see it all clearly probably need more than those who can.
I think intelligence, on every level of IT and security and especially in the world of IAM, is poised to make a big impact. It only makes sense. The technology is there to do it. Intelligence is all about saving time and effort, which means saving money. There is no better time for money saving ideas than right now. Some in the hallways were very unconvinced. But it reminded me of the quote from Gandhi: “First they ignore you, then they ridicule you, then they fight you, then you win.” I’d say the majority of the people in the halls were somewhere between the ignoring and the ridiculing. Few seemed prepared to fight. And just a handful came by the Quest booth asking about that label “Identity Intelligence” on our signs like it was a good thing. We’ll be rolling out our vision of a way to apply intelligence to IAM soon enough. And the idea that there is too much emphasis on plumbing is exactly the right mindset. Those seeking use cases really ought to look in the pantheon of classics. Because intelligence won’t be about doing different things in most cases. It will be about doing the same things in a better way. Intelligence will also deliver on goals in IAM project plans that, in the past, seldom became reality.
Not every session was focused on the intelligence theme. The sessions with Bob Blakley and Lori Rowland were much more practical, of course, having the Burton Group spin to them. My personal favorite session was one presented by Perry Carpenter called “Innovative Plumbing: Five Out-of-the-Box Ideas for Leveraging Your IAM Investment in Unexpected Ways“. Perry took the audience through some counter-intuitive sounding pieces of advice that were very practical. You can get the slides online, but the gist of the list was this:
- use a virtual directory for easier migrations & application development
- use ESSO usage statistics to provide BI/DSS for roles & provisioning
- save on cost with identity graveyard outside directories where you’re paying per user fees
- use your web proxy to deliver policy detail that explains effects of bad behavior like malware just in time as users commit out of policy offenses
All of it is sound advice. It all stresses something we don’t hear enough in IAM – KISS (keep it simple stupid).
About the Identity Sander
- "So what you mean is we don't need policy now because you guys can fix it all later, right?" Um. No. Not really. #security #facepalm:: 59 minutes ago
- and #hacker movie trivia. @securityweekly shames me with one I really should have got /cc @InfoSec_World (2/2) youtube.com/watch?v=WjrvxJ…...:: 1 day ago
- First, the serious bit of #security #philosophy with @securityweekly at the #InfoSec con /cc @InfoSec_World (1/2) youtube.com/watch?v=NeC8hi…...:: 1 day ago
- Yes & don't forget AD #AuthN & data access - Clean Break: Block Ex-Employees' Access inforisktoday.com/clean-break-bl… by @euroinfosec #security #IAM:: 1 day ago
- I sometimes wonder if some of the people really upset about online #privacy overlap with people screaming #PII into mobiles on NYC streets:: 2 days ago
- RT @STEALTHbits: WEBINAR: 1 day left to register! Solve the #IAM blindspot & adopt a better #InfoSec posture @sanderiam @joe_carson | https…:: 2 days ago
- math giveth #encryption, and math will take it away youtu.be/12Q3Mrh03Gk #security via @PBSInfinite:: 5 days ago
- RT @STEALTHbits: 5 Trends for Security Professionals #infosec #GDPR, @sanderiam bit.ly/2oXYC5P:: 1 week ago