As lost as we might be right now, the future is very, very bright. One of the biggest forcing functions that I see on the horizon is cloud computing. It’s one thing to have a whole bunch of internally controlled silos that don’t talk to each other — but imagine all those silos spread across the internet.
Cloud computing is a practice that garners high risk without disciplined Identity Management. Enterprises have traditionally had the luxury of laziness when it comes to application integration because removal of physical and network access can compensate for late or non-existent deprovisioning of internal accounts. There is no corporate perimeter to save you with cloud computing. Automated Enterprise control of at least web access or account status is the only way to mitigate the risk for customers of any size – and this is a great thing, because it means that practically every customer of a cloud service has an identical worry. When the vast majority of the the client base has an issue, that issue gets vendor attention.
In addition, it is obvious that a huge number of SMALLER Enterprises are going to subscribe to cloud services. More than anything, I’d like to see resources in place such that at the time a smaller company makes that jump, they can find and follow a few cookbook Identity practices that most Enterprises don’t think to care about until they have severe pain. If we can help smaller companies to institute solid, integrated Identity practices BEFORE they buy big HR products and massive internal help desk systems and complicated document management software, maybe we can ease the pain before it ever starts, rather than having to apply band-aids after the fact. Preventative medicine is so much cheaper for all, isn’t it? Perhaps when faced with the choice of adopting an easy-to-integrate cloud service or an impossible-to-integrate in-house software product, companies will choose easy-to-integrate. If that happens, suddenly those big, lumbering software vendors might get a clue that they cannot operate in a vacuum, and that ease of integration matters.
Case in point: the company I work for, Nulli Secundus. We recently abandoned our Sun Messaging Server installation for a cloud service. One of the biggest complaints about Sun Messaging Server was its complete and utter inability to facilitate integration of the web client into our SSO infrastructure – not being able to integrate is pretty embarrassing for a company that specializes in Web Access Management. With the cloud service, SAML support is already there, waiting for us. The decision was a no-brainer, the cloud service made it unbelievably easy to switch. I imagine a lot of small companies are doing the same thing. Once we get SAML integration working for this first service, integration of following SAML-enabled services will be effortless – application sales & marketing teams with any kind of intelligence should see that this waiting and available infrastructure is great sales leverage. These are the trends that turn into tipping points enacting massive change – we just need to seize the opportunity and provide guidance & pressure in order to maximize the benefit while things are forming and flexible.
So – our current state doesn’t keep me up at night. Not when we have all of this opportunity in front of us…