Integrated identity management: How to get it?

Highlights from the EIC World Cafe session

We tried an experiment at the recent Kuppinger-Cole European Identity Conference called a "World Cafe." This is an "un-conference" style session with open-ended discussion among the participants centered around a specific area.

We tried an experiment at the recent Kuppinger-Cole European Identity Conference called a "World Cafe." This is an "un-conference" style session with open-ended discussion among the participants centered around a specific area (click here for details of World Cafe meetings).

This was an extension of my keynote address, "Integrated Identity Management: What it is, why you need it, how to get it," and was most concerned with the "how to get it" section.

VERIZON STUDY: Data breaches quintupled in 2010

Integrated identity management (IIM) consists of having the right IdM/IAM services and applications assembled in a seamless way so that there are no holes and so that it Just Works. You need this, of course, because almost all of the data breaches we see involve holes in the system, poor connectivity of security and protective services or took advantage of manual procedures to evade policy.

I wanted reaction from the attendees as to the best ways of delivering IIM: Should it be "Best of Breed" solutions or should a single vendor provide all of the services? Should the applications and services be housed in the data center or in the cloud?

We didn't get the amount of participation we'd hoped for (mostly due to logistical issues), but the input we did get showed that feelings about these four areas are very similar all around the world as the European reaction mirrored reactions from North American and Asia-Pacific surveys of these same areas.

What we found is that there are still issues of trust, and worries about security, in the cloud. The recent outage at Amazon's EC2 cloud platform seems to have really raised the anxiety level about data availability in the cloud with folks (probably irrationally) feeling that services hosted in the data center have greater uptime.

The "Best of Breed" label may be on its last legs. The problem is that no one can agree on what's best. As someone said, if there really could be an objective "Best of Breed" then we'd only have one religion and one political party! Instead, participants seemed to coalesce around the thought that what was important was that they have the services that they perceived were the ones they needed. The number of vendors delivering these services was irrelevant. More vendors require the more diligence on the end user's side to be sure that everything works together seamlessly with no holes, but the benefit of getting the right services outweighed the benefit of a single vendor providing better connectivity and "fit."

It was an interesting, and reassuring, exercise.

Learn more about this topic

Amazon: Bad execution during planned upgrade caused outage

Corporate data breach average cost hits $7.2 million

Sony apologizes, details PlayStation Network attack

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:
Must read: 10 new UI features coming to Windows 10