The emergence of identity access management governance

* IAM governance includes identity audit and role management

I’ve been known to lump together Aveksa, SailPoint and Securent under the banners of “entitlements” or “governance” but all three, it seems, are adamant that – far from being competitors – they are actually complementary.

I had the opportunity to speak to the three at last week’s Digital ID World conference. I’ve known (and written about) SailPoint CEO Mark McClain and President Kevin Cunningham since their days with Waveset and later, with Sun. Securent Marketing Director Howard Ting has been a frequent name in this space through his stints at RSA, Identity Engines and Microsoft. Aveksa CEO Deepak Taneja has also been in the space (and in my interviews) since his days with Netegrity. These are all nice, trustworthy people, and when they tell me they aren’t competitors I believe them.

That’s not to say that all of them agree on how best to tackle your identity management problems; each does believe that you need to start with his products and services – while admitting that there may be one or more things you’ll need to add to the mix. Still, it can be somewhat confusing to tell them apart - especially when I’ve been lumpin’ them together!

McClain tried to explain it to me: “We see ourselves as part of the emerging ‘IAM governance’ space (Gartner’s term), which includes both identity audit (Aveksa) and role management (Vaau). So we see ourselves as complementary to entitlement management players like Securent. Interestingly, Burton takes a slightly different view, adding entitlement management to identity audit and role management to create a broader category of complementary technologies called privilege and policy management. Either way, I’m pretty sure most of us in the IAM governance arena see the entitlement management players as complementary to the audit/role vendors - in fact, just another set of entitlements for us to certify/audit.”

Personally, I like Burton’s idea of “privilege and policy management,” especially as it’s based on roles as a central piece. Most of these players agree that roles and role management, if not exactly necessary for their niche, is at least a desirable service to have.

There’s still a whole lot more to come from last week’s Digital ID World, including my introduction the guy that the Burton Group’s Gerry Goebel calls “The Father of Federation.” But that’s a story for next time.

Learn more about this topic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

IT Salary Survey: The results are in