Those of us who have been around the industry for a while remember the transition from host-based to client/server computing. This change wasn't subtle; it turned the entire IT world upside down.
I anticipate a similar upheaval over the next few years around Identity and Access Management (IAM). I am defining IAM as the processes, tools, and data used to connect users to IT services in a secure and well-managed fashion.
I firmly believe that much of the IAM infrastructure in place today just won't cut it over the next few years. Additionally, the transition won't be based upon product upgrades, new features, and niche vendors. Like the transition from host-based to client/server computing, the whole enchilada will be blown up and put back together in a completely different way.
There are lots of reasons for this IAM metamorphosis, but here are a few that top my list:
1. IT consumerization. The global population of consumers dwarfs the biggest organizations and these folks want access to personal and business services without having to register, create a profile, or generate another password. The IAM model that simplifies life for consumers will likely influence what happens in the enterprise.
2. Device proliferation. User identity isn't enough anymore; we need device identity as well. Why? The policies, rights, and content I receive on my BlackBerry are inherently different from what I get on my Windows PC. Device security is also an important criterion for network access.
3. Cloud computing. As enterprise IT heads to the cloud, IAM goes along for the ride. This demands intelligent federation rather than enterprise centralization.
4. Security. Overcoming social engineering attacks, web threats, and fraud demands a new level of ubiquitous trust. Before I click on a link or connect to a DNS server, I want to know that these connections are real and authentic.
In combination, all these trends introduce unprecedented scale, complexity, security, and distributed architecture requirements to today's central IAM model. This is a complete mismatch.
I realize I'm not the only one who recognizes this. The U.S. Federal Government just put out a draft paper titled "National Strategy for Trusted Identities in Cyberspace" that examines the problem and suggests some solutions. More on this document soon. Clearly this is a big issue that demands a lot of academic, industry, and enterprise input. I'll be tracking progress!