Skip to main content

Identity In The Modern Enterprise

I was on a webinar last week by the highly articulate Eve Maler from Forrester, where the discussion was around the future of identity and access management.  Everyone has an opinion on the future of everything, and IAM is certainly no different.  The view of IAM 1.0 (enterprise provisioning) and IAM 2.0 (federated identity, 'cloud' services and so) is continually evolving and it's pretty clear that identity management now has a greater role to play for many organisations, as they look to embrace things like increased mobility and out sourced service driven applications.

Enterprise Evolution - Mobility
Everything evolves.  OK, so apparently alligators haven't changed that much in 37 million years, but most things, especially in business, evolve to the point of least resistance, or more importantly to the point of greater return on investment.  From a simple technology perspective, many organisations have grown to embrace the use of things like increased mobility.  What does that mean?  Well, I'm referring to things like remote working, 'tele-working' (unless of course you work for Yahoo), always-on smartphone access and an increased use of personal devices (BYOD).  Mobility can help reduce the standard fixed costs of running an organisation (at both the start-up and enterprise level), by not having to worry about physical office locations for example.  By getting employees to cut out the daily commute, organisations are also squeezing out extra output, either physically by getting more hours, or through greater innovation due to more relaxed and less-restricted employee working patterns.

Enterprise Evolution - Services over Applications
Another major area in the enterprise evolution process, is the increased sign up to services or outsourced applications.  Applications historically have either been developed in house, or licensed from 3rd party software vendors (either large or small).  These applications had their data stored locally (by local, I just mean within the confines of the corporate LAN) and were delivered either via web interfaces or thick clients.  Authentication and authorisation was managed, if not internally to the application, certainly internal to organisations, via corporate LDAP directories and relational databases.

We're now seeing nearly every possible combination of applications, made available as subscription based services.  Freemium business models.  One month trials.  Pay as you go.  Multi-tenant delivery and even just the same application you previously licensed, but hosted by someone else.  From a business perspective everyone's a winner: faster implementation; cheaper costs; risk free payments; zero development or installation costs.  Barriers to entry for new businesses also fade away, as you can be up and running with CRM, accountancy, collaboration, document storage and communications services within minutes. Either free, or costing peanuts with simple credit-card signup.  But has this go to do with identity?

How Identity Can Play a Part
Identity has a huge part to play in this evolutionary process.  All of these new methods of working, still require the basic principles of authentication, authorisation and accountability.  Regardless of whether you access the CRM system from your iPhone via 3G or public wi-fi, or via a desktop PC on the corporate LAN, an identity holds together the context of who should access what and why.  Technological solutions will obviously fill the void for the basic connectivity and integration tasks.  I'm thinking of things like web SSO, mobile application provisioning and sign in and 3rd party sign up.  This increased level of complexity from both a user and application perspective, requires an increased level of complexity on the management of identities too.  Complexity doesn't necessarily mean difficult however, it just requires a greater understanding of the challenges and pit falls that lie ahead for organisations looking to embrace greater flexibility and returns on investment.

Instead of identity becoming the bolt on, or audit after thought, it becomes central to enabling organisations to leverage things like service driven applications, 3rd party identity providers and mobile working.

By Simon Moffatt


Popular posts from this blog

2020: Machine Learning, Post Quantum Crypto & Zero Trust

Welcome to a digital identity project in 2020! You'll be expected to have a plan for post-quantum cryptography.  Your network will be littered with "zero trust" buzz words, that will make you suspect everyone, everything and every transaction.  Add to that, “machines” will be learning everything, from how you like your coffee, through to every network, authentication and authorisation decision. OK, are you ready?

Machine Learning I'm not going to do an entire blog on machine learning (ML) and artificial intelligence (AI).  Firstly I'm not qualified enough on the topic and secondly I want to focus on the security implications.  Needless to say, within 3 years, most organisations will have relatively experienced teams who are handling big data capture from an and identity, access management and network perspective.

That data will be being fed into ML platforms, either on-premise, or via cloud services.  Leveraging either structured or unstructured learning, data fr…

Customer Data: Convenience versus Security

Organisations in both the public and private sector are initiating programmes of work to convert previously physical or offline services, into more digital, on line and automated offerings.  This could include things like automated car tax purchase, through to insurance policy management and electricity meter reading submission and reporting.

Digitization versus Security

This move towards a more on line user experience, brings together several differing forces.  Firstly the driver for end user convenience and service improvement, against the requirements of data security and privacy.  Which should win?  There clearly needs to be a balance of security against service improvement.  Excessive and prohibitive security controls would result in a complex and often poor user experience, ultimately resulting in fewer users.  On the other hand, poorly defined security architectures, lead to data loss, with the impact for personal exposure and brand damage.

Top 5 Security Predictions for 2016

It's that time of year again, when the retrospective and predictive blogs come out of the closet, just before the Christmas festivities begin.  This time last year, the 2015 predictions were an interesting selection of both consumer and enterprise challenges, with a focus on:

Customer Identity ManagementThe start of IoT security awarenessReduced Passwords on MobileConsumer PrivacyCloud Single Sign On
In retrospect, a pretty accurate and ongoing list.  Consumer related identity (cIAM) is hot on most organisation's lips, and whilst the password hasn't died (and probably never will) there are more people using things like swipe login and finger print authentication than ever before.

But what will 2016 bring?

Mobile Payments to be Default for Consumers

2015 has seen the rise in things like Apple Pay and Samsung Pay hitting the consumer high street with venom.  Many retail outlets now provide the ability to "tap and pay" using a mobile device, with many banks also offer…