Those of us who have been around the industry for a while remember the transition from host-based to client/server computing. This change wasn't subtle, it turned the entire IT world upside down. I anticipate a similar upheaval over the next few years around Identity and Access Management (IAM). I am defining IAM as the processes, tools, and data used to connect users to IT services in a secure and well managed fashion. I firmly believe that much of the IAM infrastructure in place today just won't cut it over the next few years. Additionally, the transition won't be based upon product upgrades, new features, and niche vendors. Like the transition from host-based to client/server computing the whole enchilada will be blown up and put back together in a completely different way. There are lots of reasons for this IAM metamorphosis but here are a few that top my list: 1. IT consumerization. The global population of consumers dwarfs the biggest organizations and these folks want access to personal and business services without having to register, create a profile, or generate another password. The IAM model that simplifies life for consumers will likely influence what happens in the enterprise. 2. Device proliferation. User identity isn't enough anymore, we need device identity as well. Why? The policies, rights, and content I receive on my Blackberry is inherently different than what I get on my Windows PC. Device security is also an important criteria for network access. 3. Cloud computing. As enterprise IT heads to the cloud, IAM goes along for the ride. This demands intelligent federation rather than enterprise centralization. 4. Security. Overcoming social engineering attacks, web threats, and fraud demands a new level of ubiquitous trust. Before I click on a link or connect to a DNS server, I want to know that these connections are real and authentic. In combination, all these trends introduce unprecedented scale, complexity, security, and distributed architecture requirements to today's central IAM model. This is a complete mis-match. I realize I'm not the only one who recognizes this. The U.S. Federal Government just put out a draft paper titled, "National Strategy for Trusted Identities in Cyberspace," that examines the problem and suggests some solutions. More on this document soon. Clearly this is a big issue that demands a lot of academic, industry, and enterprise input. I'll be tracking progress!
Cloud, mobility, security and IT consumerization obsolete current model
House Cybersecurity Caucus Launches New WebsiteNext Post next
Intel buys McAfee: My two cents
Among computer science grads, alumni from University of California, Berkeley, led the pack with a...
Sponsored by Brocade
Anticipating the next-gen data center
Sponsored by Brocade
Recent news from IBM and Microsoft highlight the upheavals underway as the technology industry...
The now-aging TCP/IP protocol might not be around for much longer. That’s if a bunch of researchers
The future of PCs will bring new chips, new memory types, and even new cables and chargers. Take a peek
Experts are in agreement that Software Defined Networking/Network Virtualization will make the network
The group has ties to the Chinese hacker underground and uses custom tools to attack companies,
From cell phones and cars to IPv6 security researchers have turned their skills against a world of
Technology and HR pros, as well as IT recruiters, share their advice on how recent graduates and those
Microsoft’s Scott Charney, Corporate Vice President for Trustworthy Computing, said the government has