2010 has been a very eventful year for identity. It has been a solid year chock full of M&A activity and innovations – all good signs that Identity and Access Management (IAM) continues to be a vibrant and relevant space in the information security market. Below are some rants on my perspective of the events in IAM in 2010.
First Off, A Round of Applause…
I recall my very first blog post, which went on in early December 2009. I figured that if I could pace myself, attempt to keep the blogging throughput up, and tah-dah… a year and 28 blogs later, here we are!
I would like to thank the identerati. I must confess that knowing that people other than my wife and immediate family actually read these articles fuels my will to continue, and scares off the temptation of giving up. I would also like to thank Ash, Clint and Mohamed, who have helped me improve many of the articles I have posted.
So, How Did Our Predictions From Last Year Fare?
Not bad really. Turns out that several of the considerations and predictions we laid out came through, or are just turning into reality now:
- The advent of IDaaS is evident: There is a clear shift in favor of paying on-demand versus buying perpetual licenses in IAM technology, which is well aligned with the SaaS paradigm. There are several options for IDaaS available in the market, many of which, including ours (known as SCUID) are getting customer traction. I believe this trend will continue and accelerate in 2011 as the market continues to mature and the shift towards cloud computing continues. I predict that cash will continue to be king in 2011, and OpEx will rule. I would venture that the business models around IAM solutions will evolve in more creative ways: from traditional/ perpetual licensing, to per-consumption/per-transaction, to performance-based with creative clauses for SLA penalties and the like. The shift will be towards a value-based and results-based relationship. In other words, if the IAM solution delivers, it stays on; if it doesn’t, it will be turned off faster than ever before. Additional validation of this trend in 2010 were the emergence of a few MISPs (Managed Identity Service Provider), particularly, the ones that derived from traditional MSSPs.
- Identity assurance is making headway: This has been evidenced not only by the US Government establishment and progress in both the ICAM and DHS’s “National Strategy for Trusted Identities in Cyberspace”, but several developments in other regions, such as the UK Government, EMEA and the Government of Canada. The evolution and broadening participation and representation in Identity Assurance standards development by the identerati, both in Kantara Initiative as well as in other organizations is very encouraging. As well as some really interesting acquisitions in the strong authentication space.
As a side note, one acquisition that I hadn’t had much chance to discuss was Anakam’s acquisition by Equifax in October of 2010. This acquisition is intriguing to me, in that it may put Equifax on the map as “Identity Brokers” (citing Andrew Nash’s definition) come to market in 2011.
- The emergence of IAM intelligence; as defined by Earl Perkins. In 2010, we have seen serious advances in various IT security approaches that are now intercepting with IAM to deliver unprecedented visibility, more effective and agile security controls and overall greater business value. Customers are embracing approaches such as Identity Activity Monitoring, and leveraging IAM to enrich their SIEM or DLP solutions. We see increasing customer interest in this kind of converged approach, and predict that this trend will intensify in 2011. I am hoping to write a separate blog article to focus on my predictions for 2011, so I will try to limit this article to doing a check-and-balance on what we predicted for 2010.
Among some of the interesting developments in 2010 for us at Identropy, is validation that our advisory services programs are in fact addressing a heart felt need in the IAM market. We cited a very palpable customer case study in a blog article in early 2010, and as of today, we are averaging 0.75 advisory services engagements per month (3 completed engagements every 4 months), which is very encouraging. To us, this speaks to the maturity of the market as a whole: customers are looking at validating their approach to an IAM initiative more frequently than before. We have seen drivers for this validation span from proactive planning, to getting a second opinion before making a product purchase, to an after-the-fact recalibration after the completion of a phase in the IAM program.