Regulation and compliance are continuously driving adoption of security and identity management technology, and while leading vendors are successful in providing end-to-end tools for larger enterprises, there is lower uptake among small and medium-sized shops, an industry analyst said.
Smaller firms typically deploy one or two components of identity and access management, but vendors are failing to “bring some clarity regarding fit, purpose, and price to SME decision-makers,” said Darin Stahl, research analyst at Info-Tech Research in London, Ont.
“SME’s are being presented confusing offerings from full suites, provisioning tools, secure access and authentication tools, and federated identity products,” said Stahl, adding that if vendors fail to communicate the value of identity management as individual components, lower uptake in SMBs will continue.
Open source vendor Novell Inc. has been a dominant player in the identity and access management space, reporting a revenue of US$63 million for the first quarter of 2006 from its system, security and identity management products, an increase of 20 per cent year-over-year from 2005.
Organizations are realizing the value of identity management, specifically on workflow automation, said Kent Erickson, vice-president and general manager for identity and resource management and workspace solution, for Novell in Waltham, Mass.
He said customers are generally looking at efficiency around single sign-on capabilities as an initial step towards identity management.
“Once [customers] get a single sign-on solution they look at ways to automate new stuff. So automated workflow is driving a key interest right now,” said Erickson.
At this week’s BrainShare 2006 event in Salt Lake City, Novell announced enhancements to its identity and access manager tool dubbed Designer for Identity Manager, based on the Eclipse open source framework. Designer allows users to customize, test, deploy and document identity management implementation.
Large-scale deployment of identity and access management technologies is seen in the healthcare, government and financial services sectors, according to Loren Russon, director of product management for Novell. He said this is mainly driven by regulatory compliance initiatives.
While its adoption of identity management tools are driven largely by data security and privacy requirements, the healthcare sector is not particularly concerned whether the software is open source-based or not, according to Info-Tech analyst Ross Armstrong.
“Although a hospital might start shopping for an identity management solution, the hospital probably doesn’t care too much whether or not the solution is based on open source software,” said Armstrong. “What’s important to them is compliance with the law.”
Novell’s Russon, however, maintained that when it comes to identity management, integration is important and open source initiatives would enable that.
He cited Project Higgins, an open source project initiated by IBM Corp., which would develop the framework for developing authentication and other identity management technologies.
“It’s critical that the way identity (management) works is open for everybody to participate,” said Richard Whitehead, product marketing director for Novell.
Whitehead explained that if a particular authentication tool fails to provide the functionality the organization requires, it would be able to go to another open source-based tool that can provide the needed capability and, at the same time, work well with the company’s existing applications.