Groundhog Day: The Gartner IAM 2009 Event in Review

This year’s Gartner Identity & Access Management (IAM) Summit brought back memories of the classic Bill Murray movie “Groundhog Day.” Not to say that’s such a bad thing.

To be clear, the event was fabulously organized and run by Gartner. Rather, the phrase reflects the state of the Identity & Access Management (IAM) market today, which was on display throughout the two-day event.

Why is it that we keep discussing the same identity topics year after year? Well, it seems that we are continually pulling the infrastructure rug out from underneath everything we have discussed in the past. The current interest surrounding virtualization and cloud computing is forcing us all to reconsider the fundamentals of identification, authentication, authorization and beyond. Thinking back across the years, the same discussions were — and still are — being held for SaaS, ASPs, MSPs, extranets, intranets and other models for deploying and delivering software applications. All of these deployment models require the application of IAM methods in order to be successful.

See also: 6 Ways We Gave Up Our Privacy

Earl Perkins, research vice president at Gartner, launched the event with a teaser message that “IAM is dead” and that a “rebirth of IAM” was occurring. He also said that it was time for IAM to “grow up”. Greg Kriezmann, also a research vice president at Gartner, wondered if the identity stack would ever reach the same level of ubiquity and portability that the IP stack has achieved.

I was able to attend about a third of the sessions at the Gartner IAM event this year, and I enjoyed Bruce Schneier’s session for his ever-pragmatic view of security. With his fun analogies like “security checklists simply don’t work, because it is hard to get the hackers to follow the lists,” he discussed technology both as a disruptor to security and a leverage tool used by attackers.

See also: Social Networking a Tool for More Secure Identity Management? No Joke!

It was interesting to attend similar sessions to the ones that I had attended last year to see what had changed. Often I found that items discussed in the previous year were not being discussed this year, either because Gartner moved the topic to another research area or the priority for the topic had shifted to something new.

The client-led sessions and case studies were excellent, offering real insight to the practical challenges and innovative solutions being used to deploy IAM projects. Owen Unangst of the USDA, provided tremendous planning insight to a successful IAM project rollout with strong emphasis on “taking ownership” and the need ” to tell a story” to gain commitment to the project. Eric Sachs of Google, discussed their OAuth efforts and successes. Greg Kriezmann of Gartner, also held an excellent session on OAuth, OpenID and open source identity approaches but warned that organizations should be careful not to expect their IAM projects to “be free.”

The exhibit floor was well stocked with IAM vendors and was well attended by the conference attendees, however there were some notable vendors missing from the floor which did not go unnoticed by the attendees.

I look forward to Gartner’s IAM conference as an opportunity to get away from my day job, take off my blinders for a while so that I can explore other aspects of the IAM space and to speak with people, or analog avatars, about their successes and failures with IAM projects. The conference also provides valuable information and viewpoints to help discuss and present IAM issues and challenges when speaking to others about IAM. I’ll be back again next year to see if the groundhog emerges once again.

Robert Grapes is chief technologist for Cloakware‘s Datacenter Solutions business.