Research: Identity Management
Identity Management: SaaS, Mobility Add Urgency
Identity management is an essential concept: A much-publicized 2007 Microsoft study showed the average employee had about seven logins to remember—and that was before we piled on SaaS and mobile devices. Yet just 27% of the 438 business technology professionals responding to our 2011 Identity Management Survey say their organizations have what we consider comprehensive deployments, defined as company-wide internal IdM plus cross-domain use for outside vendors and partners.
No wonder people use sticky notes to manage user names and passwords.
For vendors, meanwhile, confusion reigns. In 2009, when we last surveyed readers on IdM, the topic du jour was federation and collaboration with external suppliers. Today, you have “bring your own identity,” or BYOI, not to mention cloud-based federation, hybrid IdM, identity access management, single sign-on and access risk management. These are all labels vendors have tacked on to one general technology and process set, working toward a single goal: to make sure people are who they say they are, and then give them the right level of access.
Vendors tell us they keep tweaking offerings in an effort to reduce costs and jump-start enterprise adoption, which seems to be stalled: A large majority, 81%, of IdM users have had the technology in place for more than a year vs. just 9% for less than one year. But as a practical matter, IdM systems seem to only add complexity and confusion and increase the need for customization, always a losing proposition for IT.
We’re really not surprised at the minuscule increases overall in adoption since our 2009 poll. The consumerization of IT and adoption of more SaaS-based apps for business use should spur a sort of IdM renaissance. Whether it will or not is something we’ll be watching. (R3020911)
Survey Name: InformationWeek Analytics 2011 Identity Management Survey
Survey Date: June 2011
Region: North America
Number of Respondents: 438
Table of Contents
4 Author’s Bio
5 Executive Summary
6 Research Synopsis
7 Is Alice Really Alice
8 Impact Assessment: Identity Management
9 Yeah, There’s a Business Case
14 Employees Are Consumers, Too
17 Checklist: Identity Management Products
19 To the Cloud?
23 Identity Management Policy Guidelines
24 I Agree, So How Do I Do It?
33 The Road Forward
34 Appendix
38 Related Reports
About the Author
Michael A. Davis is the CEO of Savid Technologies, a technology and security consulting firm based in Chicago, and an InformationWeek Analytics contributor. Michael is also a contributing author of Hacking Exposed, the No. 1 text on hacker methodology, and the new Hacking Exposed: Malware and Rootkits.
He is a senior member of the HoneyNet project, where he is working to develop data and network control mechanisms for Windows-based honeynets. Michael is an active developer in the open source community and has ported many popular network security applications to the Windows platform, including snort, honeyd, dsniff, and ngrep. He has spoken at several conferences around the world, including Defcon, CanSecWest, Toorcon and MISTI, as well as to local groups.
Be the first one to comment.