I’ve been listening and watching lately, and there are some interesting independent things happening that I expect could knit into a very entertaining next 3 quarters. Something is telling me to swing away; so here goes.
Identity Management Tool Hiatus
The Sun/Oracle takeover has everyone aflutter over which tools will stay and which will go, and what the resulting stuff will look like. I think the interesting thing is that no matter what happens, you can pretty well guarantee that while Oracle sorts out what to keep and what to shelve, both Oracle Identity Manager and Sun Identity Manager will come to a developmental standstill. Coincidentally, this matches the Microsoft delay of release to manufacture of MIIS/ILM/FIM.
Even before the announcements above, all was very quiet on the home front for IdM. It seems obvious to me that all the big stack vendors have scurried off into their war rooms and are frantically trying to figure out how to set up their stacks to transparently support the rollout of cloud offerings. This means there is probably an architectural pause going on, as everyone tries to get from theoretical to concrete with their sanity and business plans intact.
Immediate Status Quo Interruption
Meanwhile, back in the real world, cloud mania is causing every Tom, Dick and Harry who runs a software shop to ask themselves whether they could offer their product as a service. While the think tanks are pondering the cloud as a big fat integrated platform offering, a whole new generation of application vendors are simply putting their software online as services, any which way they can.
Short Cuts and Regretful Choices
The services out there now have not had the benefit of any kind of cloud philosophy. Applications are offering the usual set of poor choices for access and user management, doing the bare minimum so that they can focus on their “core” service. Lured by attractive cost and immediate gratification, Enterprises won’t see the risk, and won’t think to do two critical things: track beyond the departmental level what services are engaged, and set policies around minimum security requirements.
Stir it all together and…
So where do all these little tidbits take me when I connect the dots? I see a big issue looming on the horizon: a proliferation of untracked administrative web interfaces on the open internet, protected by unencrypted and buggy login forms which are open for anyone to probe. Even in cases where the login process itself is reasonable, Enterprise assets are at the mercy of the quality of an admin password. Ask Twitter, it’s a big problem. Crack one admin password in a poorly-secured application, and you may gain instant access to many other better-secured services – unless of course you really believe administrators will use a different password for each of their multiple services.
With the advent of these kinds of issues, provisioning could transition from being a back-room necessity with minimal business impact and no real SLA requirements, to being an activity that incurs serious risk for the organization. Enterprises will realize that they need to do one of two things: add an extra physical layer of security to each and every administration console, or pull those consoles off of the internet altogether, opting instead for an automated API call that can be locked down six ways from Sunday. You better believe that application vendors will go along for the ride; submitting to one of these choices is a lot better than having Enterprises simply abandon services and return to intranet solutions.
The big Identity players do not have the agility to respond properly to these kinds of pain points; but the little guys do. I think that a few small agile companies are going to swoop in and provide consolidation services for administration console interfaces in the cloud. Others will create Identity Provider services and products that allow the Enterprise to distribute 2-factor authentication tokens for use at multiple sites on the internet.
Somebody is about to steal home. Who will it be? Come to my Glue Talk and we can debate in person…