I was going to open this issue with the phrase "the more things change, the more they stay the same" but I've used that a lot lately (which probably reflects more on our industry than it does on my thought processes). Instead, I'll say, "Everything old is new again."
Last week I had the chance to talk with SailPoint's Mark McClain (CEO) and Kevin Cunningham (president) about the product/application/service they were releasing this week -- IdentityIQ Lifecycle Manager. This will be a part of the IdentityIQ suite of governance products. But this new module revives an old niche, and one that both McClain and Cunningham are very familiar with -- electronic provisioning.
Both guys (along with a large part of the rest of SailPoint's management) originally came out of IBM Tivoli to start Waveset, which was the premiere provisioning vendor at the time it was acquired by Sun Microsystems early in this century. Most of the Waveset people went along to Sun, and most left after a couple of years to form SailPoint, now a premiere vendor of governance solutions.
According to Cunningham, the time just seemed right for a new approach to provisioning -- one that was an outgrowth of governance and relied less on the need for large consulting contracts for implementation. It could probably be called "Provisioning 2.0" if that meme wasn't so hackneyed.
The three key points McClain and Cunningham wanted to make about the new service were:
* Simplified deployments -- This approach begins with the mining and modeling of all necessary information about users, access privileges, roles and policy into a single governance platform, enabling organizations to automate access request and provisioning processes without extensive workflow and custom coding. This reduces custom coding requirements by 200 percent to 300 percent.
* Lower deployment costs -- The new service provides an open and flexible approach to the "last mile" of provisioning -- the connector layer where changes are executed on IT resources -- by supporting multiple techniques and processes for making changes to resources. This eliminates the hundreds of thousands of dollars organizations typically spend on "last mile" integrations. Where connectors are needed, they will be supplied, but where all that's necessary is an e-mail to a resource owner, then that's what will happen. Because it all takes place within the governance framework, there's no loss of visibility of what's occurring.
* Business and IT alignment -- Using an interface designed like an e-commerce shopping cart the module is designed specifically for business users to request access and manage user life-cycle events. Traditional provisioning tools were designed for use by IT administrators and were too cryptic and technical for business users. With its business-friendly user interfaces, SailPoint hopes to make it easy to involve business users in all identity management processes, such as access requests, change approvals, access certifications and role life-cycle management.
It's an interesting new take on provisioning, and knowing the track record of McClain, Cunningham and their crew I'd say it has a good chance of changing the provisioning landscape.