Hitachi ID Systems' CTO Provides a Candid Commentary
As 2011 comes to an end, Hitachi ID Systems CTO, Idan Shoham, provides his views about the current state of and future trends in the identity and access management market.
2011 IAM Marketplace Trends
In 2011, we saw rapid growth in the privileged access management market. Large corporations and other organizations around the world embraced advanced solutions to secure access to administrator accounts, service accounts and application-to-application accounts. I'm not referring to pilot projects or small deployments here; what we saw were multi-national implementations to secure access to tens of thousands of devices.
We also saw continued expansion in the IAM market. In particular, smaller organizations - with fewer than 10,000 internal users - made serious strides to acquire and deploy IAM systems. This is an interesting development because it shows that IAM total cost of ownership (TCO) is declining to levels where medium-sized organizations can realistically invest in IAM and achieve a return on investment in a reasonable timeframe.
Another interesting trend in 2011 was a renewed interest in self-service credential management. You would think that this was a solved problem or even a commodity, but two factors make this segment interesting again: user mobility and full disk encryption. Mobile users and encrypted filesystems make password reset, especially for off-site users with corporate laptops, a technically challenging problem - something that the large “stack” IAM vendors are not even trying to address.
Looking Ahead to 2012
Bring your own device
The pace at which users are bringing their own portable devices to work is accelerating. We see more and more users with their personal smart phones and tablets at the office, accessing corporate e-mail and applications. This is essentially the flip-side of cloud computing - the app moves to the cloud and the endpoint device shrinks and becomes more personal.
The “BYOD” trend is both unavoidable and troubling. Users, including executives, insist on the undeniable convenience of using their own, integrated and super-portable endpoint device. IT professionals are struggling to control access to sensitive corporate data on devices - which they do not control. It's going to take a lot of innovation to resolve this conflict, but maybe we'll see some progress in 2012.
It seems likely that vendor consolidation will continue in 2012. 2010 and 2011 saw the acquisitions of Passlogix, e-DMZ, Voelcker, BHOLD, Symlabs and Novell. I don't see anything to suggest that the acquisitions will stop here.
Identity and Access Management as a Service (IAMaaS)
Towards the end of 2011, there has been a lot of talk about IAM as a service. I think it's still early going - at least in the sense of IAM designed to manage on-premise identities and entitlements but hosted in a SaaS model. So what does this mean for 2012? Hosting an IAM system in the cloud (IAMaaS) and using it to manage identities and entitlements both inside the perimeter and in the cloud is still a new, risky game. This said, there will undoubtedly be some uptake in 2012, but just early adopters.
Identity Administration and Access Governance
Another interesting development in 2011 was the emergence of “access governance” as a separate product category, layered on top of “identity administration.” Currently, there are vendors in this market such as SailPoint, Aveksa and Approva. The thinking is that a requests portal, approvals workflows, access certification and policy enforcement should be layered on top of whatever IAM system an organization already has; something simple like incident management or more robust like a user provisioning system.
While I agree that these components are essential in an IAM system, I frankly don't buy into the idea that access governance is a new and separate product category. I don't think the vendors in that market believe it either - SailPoint is already reselling Tivoli connectors and Aveksa is developing their own. Other “access governance” vendors are sure to follow with a connector strategy of their own.
What I think is really going on is that a lot of legacy user provisioning systems have terrible user interfaces and astronomically high TCO. Organizations have had major problems deploying these products. Anything that allows an enterprise to expand the scope of their IAM system without going back to their “stack vendor” (for more shoddy software) is probably the best option, especially since it means they don't have to admit that they chose a poor identity management product in the first place.
But all this is temporary.
In 2012, I predict that we will see the market begin accepting identity administration and access governance as two sides of the same coin. Here at Hitachi ID Systems, we used to provide a separate access certification product; at some point we realized this was a mistake and simply folded the features into our Identity Manager. I expect that some of our competitors will do the same in 2012; they may even clean up their user interfaces and lower their TCO.
So what does this mean for the “access governance” vendors? They have to learn to compete with the big boys. Their solutions need to scale; running access certification for just finance and HR users does not qualify as an enterprise solution. They will have to offer connectors. And password management. And user enrollment. While developing an aesthetically pleasing user interface to cover up old junk is okay to sell for a little while, it's certainly not enough in the long run.
About Idan Shoham
In his role as CTO, Idan Shoham, is responsible for defining product and technology strategy and the overall development of Hitachi ID Systems solutions. Idan works closely with his talented team to ensure that the solutions that Hitachi ID Systems delivers to the market are of the highest quality.
About Hitachi ID Systems, Inc.
Hitachi ID Systems, Inc. is a leading provider of identity and access management solutions. Hitachi ID software helps almost 1000 organizations with over 12 million combined users meet security, internal control, regulatory compliance, IT cost reduction and user service objectives.
Hitachi ID Identity and Access Management Suite includes Hitachi ID Identity Manager http://Hitachi-ID.com/identity-manager/, Hitachi ID Password Manager http://Hitachi-ID.com/password-manager/ and Hitachi ID Privileged Access Manager http://Hitachi-ID.com/privileged-access-manager/. These products manage identities, entitlements and authentication factors across both on-premise and SaaS applications in the cloud.
Industry analyst Ovum Consulting recently recognized Hitachi ID Systems as an enterprise identity and access management powerhouse, citing the company's robust technology and exemplary customer support. Ovum “believes that Hitachi ID's focus on reducing the administrative and helpdesk burden and the company's focus on bottom-up IAM reflects the way in which organizations operate.”
For more information about Hitachi ID Systems and its products, please visit http://Hitachi-ID.com/ or call 1.403.233.0740.
For more information, please contact: