Contributing Writer

Identity Management: Critical Components

Nov 20, 2007 (5 mins)
Identity Management Solutions

Identity management can start small, but full-blown IDM projects comprise many different pieces. Here's the breakdown.

Identity management (IDM) software helps organizations effectively manage the job of providing the right users with access to the right system and application resources. This includes employees, customers, contractors, business partners and anyone else on the network. This complex job can be accomplished through several best-of-breed products or through a suite of applications.

Understanding the Market

The Radicati Group in Palo Alto, Calif., breaks out the market this way:

Full suites. These vendors offer solutions that include directory services, provisioning, secure access and authentication, and sometimes federated identity elements. According to Forrester Research, the clear leaders in this category include:

  • Sun Microsystems
  • IBM/Tivoli
  • CA Inc.

Jonathan Penn, research director at Forrester, says Novell is a second-tier player, with good products but a persistent inability to capitalize on that and gain significant market share. Meanwhile, Oracle is an up-and-comer that is beginning to capture significant new business, especially through its acquisitions, he says.

According to Penn, Microsoft is an important player, especially given its Active Directory. However, the company doesn’t provide the level of functionality and support for heterogeneity that enterprises need in identity management solutions. Other major players include Hewlett-Packard and Siemens, according to Radicati.

Provisioning. These vendors specifically provide user lifecycle account management. Companies in this segment, according to Radicati, include Beta Systems, BMC Software, Courion, Fischer International, MaXware (just acquired by SAP) and others.

Secure access and authentication. These vendors offer secure access and a range of authentication products, such as smart cards and biometric devices. Companies include EMC (RSA Security), Entrust and many others, according to Radicati.

Federated identity. These vendors and service providers help companies establish secure virtual communities, where customers and partners can visit and conduct business on different websites with a single log-in. This relatively new area will grow more important over the next two years, Radicati says, mentioning representative companies such as HP and Ping ID.

Business drivers. The drivers behind IDM demand have traditionally included:

  • Streamlining, cutting costs and reducing error rates of user account management, including the frequent need to modify and disable accounts, reset passwords and update user profile information.
  • Minimizing unauthorized access to sensitive systems.
  • Opening the network to partners and customers.

Regulatory compliance. Regulatory compliance is fast becoming a top reason for implementing IDM, according to Radicati. IDM suites can help companies comply with Sarbanes-Oxley, HIPAA and others by providing audit trails of all user actions and proving that no users have violated their access rights or used digital resources inappropriately.

Market size. IDM has become a key component of companies’ information security programs. In the past year, worldwide deployment has grown by well over 50 percent, according to a February 2007 study by Radicati. The study also found that the IDM market will reach over $2.8 billion this year in worldwide revenues and will grow to almost $13 billion by 2011. This includes full suites, provisioning, secure access/authentication and federated identity solutions.

User provisioning is the main engine in support of IDM activities, according to Gartner, whether as a point product or as part of a suite. From 2005 to 2006, user-provisioning revenue grew 12.3 percent, and Gartner expects continued growth through 2009. As of mid-2007, 20 percent to 25 percent of midsize to large enterprises worldwide have implemented some form of user provisioning, Gartner says, with another 25 percent to 33 percent evaluating solutions.

Market trends. Consolidation in the IDM market has been hot since 2002, and while it has slowed, acquisitions will continue, Gartner says. In the provisioning space this year, SAP acquired MaXware (a user provisioning and virtualization vendor), and Oracle bought both Bridgestream (an enterprise role management software vendor) and Bharosa (an online identity theft and fraud software vendor).

Earl Perkins, an analyst at Gartner, anticipates further acquisitions in the role management arena, as many vendors are now partnering with vendors such as Vaau, Eurekify, Bhold and SellPoint, which do role mining and discovery.

Obstacles to implementation. IDM initiatives are complex and require experienced management to increase the chance of success, according to Gartner. Although Gartner says success rates have improved over the years, IDM projects, particularly provisioning efforts, still have a significant failure rate, due primarily to scope definition and managing to that scope.

Common obstacles to successful provisioning implementations include the following, according to Forrester:

  • Perceived high implementation and services costs (relative to license costs)
  • Unduly long and winding curves of defining business roles for provisioning
  • Securing the appropriate level of organizational support
  • Spending enough time on business process redesign and role design
  • Consolidating user repositories.

Key strategies. These obstacles can be circumvented by following several strategies:

  • Start modestly. Implement some of the foundational elements of an IDM system first for some quick ROI.
  • Get support. Gartner says it’s crucial to gather the appropriate political support within the enterprise and to select an effective program partner outside the company (consultant or system integrator) that understands the business and technical issues of IDM.
  • Involve your developers. “Every hour your developers spend alongside the vendor’s connector specialist will help your team become self-sufficient with connector development,” says Andras Cser, senior analyst at Forrester.

(For more about IDM implementation, see “Identity Management: Implementation Dos and Don’ts.”)

A complete IDM system includes the following elements:

  • Directory services
  • Access management
  • Password administration, including single sign-on
  • Identity authentication
  • User provisioning
  • Compliance auditing
  • Role management
  • Federated identities, which enable the creation of virtual communities of customers and partners that can conduct business on different websites with a single log-in

Mary Brandel is a freelance writer. Send feedback to Editor Derek Slater at