Our feature this issue takes a look at a subject that the IT community will be hearing a great deal about in the next few years: identity management.
Like any new, large computing application or concept, the term is often a source of confusion. That’s largely because so many vendors from so many different areas of IT have attempted to mold the concept to fit their aims by providing a unique definition for the idea that’s at the root of it all.
That idea is all about making the management of employee access to corporate resources much simpler, much faster, more automated and much safer. Sounds like a great concept, but it seems that it is in danger of succumbing to one of the unalterable laws of IT: the greater the promise of an idea, the greater the confusion surrounding it.
Just look at the concept of Web services for a recent example. By involving hardware manufacturers, software makers, security firms and a host of other vendors, the question of “What is Web services?” was not far from many tongues when vendors first began to really push it approximately two years ago.
The hope is that the same fate will not befall the idea of identity management. But the same kinds of “definitions dangers” lurk around every corner along the path that leads towards identity management Utopia.
Hardware vendors will concentrate on the ability of their products to easily integrate into an identity management architecture. Software vendors will tout the myriad IM features that they will say set their suites apart from their competitors’ offerings. Services firms will bombard CIOs and IT department managers with a plethora of promises that will attempt to make the Herculean task of integrating identity management-ready components into the network seem like child’s play.
And security vendors will use the concept as a platform to introduce all kinds of new security features, such as single sign-on (whereby employees have but one password to access everything they need on the network), to jittery IT departments.
All legitimate messages, no doubt. But when combined, they can make for quite a dissonant symphony in the ears of those charged with buying and implementing an IM-ready system. For the time being, that cacophony will most likely be limited mainly to the ears of the Fortune 1000 companies. With the complexities involved in adapting most networks to become IM-capable, and with a disturbing lack of standards in place around many of its key ingredients, adoption may in the short term be limited to these larger organizations.
Eventually, however, IM will filter down to smaller outfits on a large scale. Hopefully by then, the procurement process will have been simplified. Those interested in implementing IM today, however, can get the coffee going and the No Doze out of the medicine cabinet, because there will be some long nights ahead spent sussing out the complexities of this promising technology.