Compliance drives identity management growth

Regulation and compliance are continuously driving adoption ofsecurity and identity management technology, and while leadingvendors are successful in providing end-to-end tools for largerenterprises, there is lower uptake among small and medium-sizedshops, an industry analyst said.

Smaller firms typically deploy one or two components of identityand access management, but vendors are failing to “bring someclarity regarding fit, purpose, and price to SME decision-makers,”said Darin Stahl, research analyst at Info-Tech Research in London,Ont.

“SME’s are being presented confusing offerings from full suites,provisioning tools, secure access and authentication tools, andfederated identity products,” said Stahl, adding that if vendorsfail to communicate the value of identity management as individualcomponents, lower uptake in SMBs will continue.

Open source vendor Novell Inc. has been a dominant player in theidentity and access management space, reporting a revenue of US$63million for the first quarter of 2006 from its system, security andidentity management products, an increase of 20 per centyear-over-year from 2005.

Organizations are realizing the value of identity management,specifically on workflow automation, said Kent Erickson,vice-president and general manager for identity and resourcemanagement and workspace solution, for Novell in Waltham, Mass.

He said customers are generally looking at efficiency aroundsingle sign-on capabilities as an initial step towards identitymanagement.

“Once [customers] get a single sign-on solution they look atways to automate new stuff. So automated workflow is driving a keyinterest right now,” said Erickson.

At this week’s BrainShare 2006 event in Salt Lake City, Novellannounced enhancements to its identity and access manager tooldubbed Designer for Identity Manager, based on the Eclipse opensource framework. Designer allows users to customize, test, deployand document identity management implementation.

Large-scale deployment of identity and access managementtechnologies is seen in the healthcare, government and financialservices sectors, according to Loren Russon, director of productmanagement for Novell. He said this is mainly driven by regulatorycompliance initiatives.

While its adoption of identity management tools are drivenlargely by data security and privacy requirements, the healthcaresector is not particularly concerned whether the software is opensource-based or not, according to Info-Tech analyst RossArmstrong.

“Although a hospital might start shopping for an identitymanagement solution, the hospital probably doesn’t care too muchwhether or not the solution is based on open source software,” saidArmstrong. “What’s important to them is compliance with thelaw.”

Novell’s Russon, however, maintained that when it comes toidentity management, integration is important and open sourceinitiatives would enable that.

He cited Project Higgins, an open source project initiated byIBM Corp., which would develop the framework for developingauthentication and other identity management technologies.

“It’s critical that the way identity (management) works is openfor everybody to participate,” said Richard Whitehead, productmarketing director for Novell.

Whitehead explained that if a particular authentication toolfails to provide the functionality the organization requires, itwould be able to go to another open source-based tool that canprovide the needed capability and, at the same time, work well withthe company’s existing applications.