San Diego - Identity management (Compare Identity Management products) is evolving to include a closer recognition of risk and how to manage it rather than trying to eliminate it using technology, according to the head of the Burton Group consulting firm.

“Companies are looking at controls from a risk perspective instead of trying to control everything,” said Jamie Lewis, CEO of the Burton Group during the opening day of the firm’s annual Catalyst Conference. “It is about people managing risk and not about technology trying to make risk disappear.”

Lewis says these changes are the by-product of the pressure compliance and government regulations are putting on corporations to develop identity infrastructures.

He said enterprise identity management today is more accurately explained as a set of business processes and infrastructure that provide access control specified by policies.

The changes are being felt with other components of identity management, which are beginning to pick up steam in terms of corporate adoption.

The acceptance and understanding of federation has progressed this year with users finally starting to understand how to build and maintain relationships, Lewis said.

“Federation allows you to do a distributed connectivity model so we are seeing more and more demand for it,” said Gerry Gebel, an analyst with the Burton Group.

Lewis also said provisioning is starting to see some successful deployments, although failures with the technology tend to be earth shaking events that cast lots of negative light.

Overall, he said the discussions around managing identities, which has been the dominant topic of conversation in the past, is giving way to the notion of using identity for enabling security and control.

Lewis also mentioned services and the impact they are having on identity management saying applications will eventually have to have some knowledge of the set of services that live in the infrastructure and what is on the client side. He also said virtualization will exact its evolutionary step on enterprise and identity infrastructure.

He said companies should be thinking about their identity deployments as a set of interconnected components and an architecture that is built piece-by-piece over time.