Many companies and organizations are asking what the best identity and access management (IAM) technology is for a particular need. The needs may be very specific (e.g. on boarding of staff), very new (integration of social media accounts for customers), to very broad (full identity, credential, and access management). The biggest thing that scares people about identity and access management is the breadth of options – the domain itself is huge.
Any reasonable-sized organization has likely touched most parts of what identity and access management encompasses. Integrations of systems that were built a decade ago, systems that came through acquisition, mergers, and spinoffs. I know of major companies that are big M&A players and their acquisitions are still logging in to their old Active Directory and they have their own email domain still.
Identity and access management technology has until very recently been treated as a cost, a necessary evil. The pieces have been built and bought from so many places that instead of looking like a puzzle that fits together nicely, the “identity solution” looks more like an amorphous blob with lots of baling wire and duct tape thrown in to try to keep things running. The breadth of capabilities is to blame and there are very few coherent solutions that can handle taking apart the Gordian knot that many companies face.
This all sounds rather doom and gloom doesn’t it? The good news is that the industry has grown up and there are some enterprise grade systems that are available to solve the business problems CIOs and IT departments are facing every day. The bad news is that the field is broad and the effort may look more like a large-scale systems integration play than a typical IT project. However, if the correct approach is taken, Identity can become a foundational technology that improves operations, and it can even become a competitive benefit.
Think of things this way – nearly every single system that a company, government, or other organization uses has an Identity component. Logging in is easy – but once you get into identity and access management you start to uncover so much depth it is astounding. From rights management (what are you allowed to do? What are others allowed to do?), to deep authentication (smart cards, multi-factor authentication) to protect the more sensitive systems and sub-systems, to trust circles and federation – the list of capabilities is huge.
The integration efforts will have to be done at some, that much is inevitable. Doing it right though, and you lay a foundation that your organization can rely on – one that scales, adapts while maintaining consistency, and allows your organization to quickly adopt new technologies and deal with your employees, your customers and suppliers, and the general consumer market. That is a foundation worth building (and the fact that it will save you money is a nice bonus.)