Identity mgmt questions you should ask

A half dozen years ago, network administrators and other insomniacs in the U.S. were regularly being confronted by the burly, bearded Billy Mays hawking OxiClean on TV. OxiClean is an oxygen-based bleach product (“powered by the air that we breathe and activated by the water you and I drink”), as opposed to the chlorine-based bleaches best represented by Clorox.

Mays, who started life as a carnival pitchman and moved to TV infomercials with little apparent effort, almost single-handedly turned OxiClean and its sister product OrangeGlo (“cleans with pure orange oil!”) into a $350 million a year business. So successful was he that mainline cleaning products companies (Clorox, Proctor & Gamble, Lever Bros., etc.) all came out with oxygen-based cleaning products, as well as orange-oil-enhanced polishes and cleaners. The small guy (Billy Mays) made the market and the big guys wanted to cash in.

Something similar appears to be happening in the identity management space.

The early pioneers have been making the case for identity management over the past few years. Suddenly, they’re an “overnight” success, and suddenly everyone wants a piece of the action.

That’s not necessarily a bad thing, but when you’re going to be the consumer of identity management products, especially in a Web services environment, there are a few questions you need to be asking. Among those are:

* How committed is the vendor to identity management – is it a primary focus area or not?

* Is the vendor offering a truly integrated partner solution or a co-marketing/co-selling relationship? 

* Does the joint solution provide more value than the stand-alone products? 

* How much of the technology in the proposed solution is owned by the vendor vs. licensed from third parties (and therefore potentially at risk)?

* Does your vendor provide end-to-end identity management (from the Web-enabled portal to back-end legacy applications)?

* As your business grows, so do user populations and the complexity of managing them. Does your solution require its own repository of identity information or can it link identity information from disparate data stores (“identity silos”) into a single, unified, virtual ID?

* Architecture DOES matter when it comes to Web services.  Does your identity management solution leverage current enterprise assets while providing for expansion into a Web services business model? 

* Will it perform and scale as your business moves to a more sophisticated, cross-organizational and transaction-based (complex, dynamic, constantly evolving) environment?

When a new “hot cleaning topic” comes along, most soap makers will abandon their orange and oxygen based products for whatever the new cleaning paradigm is. But Billy Mays will still be touting OxiClean and OrangeGlo because, unlike the big soap houses, he really believes in the products and he’s committed to getting them to work for you. When choosing your identity management partners, be sure to consider your vendor’s commitment to the technology.