A Retrospective Look at Identity in 2011 and Predictions for 2012
As 2011 draws to an end, I can help but feel sentimental about this year and get anxious about next year. It has been a good year.
Looking back at 2011 and our predictions from earlier this year, it is great to see that we fared really well. Our mid-year check and balances already evidenced that we were on track with our predictions. The one prediction that we were undecided about in late June 2011: "Identity Administration Reaches Maturity" has come through in a strong form. This became evident in the second half of 2011, with traditional IAM product vendors announcing their plans to adopt a managed services model, in some cases, leveraging the cloud. We at Identropy can validate that customers are more and more are evaluating more mature models for adopting and implementing their core IAM solution, and that cloud or managed services models are becoming more predominant.
Looking forward to 2012, predicting what trend is going to “cross the chasm,” is at best a highly inexact science. However, and in our tradition of being opinionated, I will venture a few predictions that I believe should be tracked in 2012:
1) Identity Intelligence comes of age: According to Gartner’s Earl Perkins, “IAM intelligence represents the ability of IAM tools and process to (a) build effective repositories of identity information for IAM systems to use, (b) collect and correlate information about the IAM events that occur throughout the system with other important security events and information, (c) provide a means to monitor, analyze and report on what is happening within the IAM world for a number of constituents.”
The goal is to apply serious analytics to identity information that delivers business value to the organization. For example: a manager goes to an IAM portal to request creation of a new contractor working in her team and the system "suggests" the kinds of access that the contract may need based on the data already in the system and some applicable business rules. This helps the manager be more efficient, helps the organization better manage access, and ensures the end user has access to the resources she needs to do her job.
Over the past 18 months, “next-gen” access request applications have been introduced, bringing with them the promise that more intelligent and efficient access request processes will materialize. Furthermore, the maturity and greater sophistication of role management products have allowed organizations to make good sense of what bundles of access should be made available to drive the business, and leverage this information in ways that expedite key IAM functions such as on-boarding, transfers and termination of users.
These are just two factors that indicate the tipping point for Identity Intelligence is not as far off as many (including myself) once thought. The level and pace of innovation in this area is enough to expect great strides in effective and business-ready Identity Intelligence in 2012, most likely delivered as a service.
2) Consumer Identity Brokers prepare for prime time: An Identity Broker, or “i-broker,” as referred to by Wikipedia, is “a trusted third party that helps individuals and organizations share private data the same way banks help exchange funds and ISPs help exchange e-mail and files.” Think of PayPal as an identity broker for online shopping, or Facebook for information sharing on the Internet.
While the concept of identity brokers is easy enough to digest, making it work in a user friendly and privacy enhancing way is not so easy. It is widely accepted that identity brokers should be advocates of consumer privacy and protection. Andrew Nash perfectly encapsulated this requirement in his (Asimov-inspired) three laws of Identity Brokers:
- An Identity Broker may not injure a consumer, or through inaction, allow a consumer to come to harm.
- An Identity Broker must obey orders given by consumers, except where orders would conflict with the first law.
- An Identity Broker must protect its own existence as long as such protection does not conflict with the first or second law.
While Facebook has carved out a role for itself as the identity broker most trusted by consumers in social networks, it is fair to say that these laws are not its guiding principals, as seen by consumer revolt over Beacon and other privacy issues. Additionally, it is highly suspect that Facebook or rival identity brokers such as Google or Microsoft will be viable or trusted outside of social network transactions. It will be interesting to see how much progress we make in the coming year working through key issues such as:
- What use case or service will push use of identity brokers forward?
- Who pays for what?
- Who will regulate the integrity and security of identity brokers?
3) Behold the proliferation of the Managed Identity Service Provider (MISP): Just as the complexity of network security gave rise to the Managed Security Services Provider (MSSP) market (estimated by Forrester to be a US$4.5 billion market), the pain associated identity management has given rise to a similar trend. IAM specialists are now capitalizing on their expertise, delivering variety of specialized offerings including dedicated, hosted IAM services. Like any nascent market, there are several acronyms being used to frame this market, including IDaaS (Identity as a Service) and MIS (Managed Identity Services). We believe that this market will explode in 2012 with a variety of players entering in to the fray consisting mainly of software vendors offering hosted versions of their on-premise offerings, VARs specializing in Identity Management expanding into the hosted services market, and entrepreneurs opening up dedicated shops. Either way, the demand for specialized IAM services will explode in 2012, giving rise to the emergence of a much-needed new breed of service provider – the Managed Identity Services Provider (MISP).
How close to the mark these predictions are, only time will tell. Regardless, one thing I am sure of is that 2012 is sure to push the envelope forward when it comes to matters of digital identity, and we at Identropy are glad to be a part of it.
My best wishes to you and your family for a very healthy and prosperous 2012.
Oh, and about all this talk about the end of the world happening on December 21st, 2012, my prediction is that this will not come true, just like none of the prior doomsday predictions have not come true in the past.