There have
been several announcements recently around identity management as a
managed service:

  • Oracle
    and Wipro are going to market together with managed services supporting Oracle’s entire portfolio of identity
    management products.
  • Covisint
    launched its Trusted Identity Broker, an outsourced service that helps organizations quickly deploy
    federation and connect to partners through Covisint’s established and
    successful federation hub.
  • Mycroft
    merged with Talisen
    and the new company, Mycroft Talisen, is blending identity management system
    integration with outsourced operations. For those who don’t know these
    companies, Mycroft is a boutique
    integrator focusing on identity management, and has been involved in some of
    the more envelope-pushing deployments, though it is their expertise and
    efficiency in implementations for the rank and file that have brought them the
    greatest success. Talisen
    provides managed services in Network and
    Security Systems Management, and consulting in BPM and IT Process/ITIL.

Each has a
different perspective on the challenges of identity and the value proposition
they offer; and that difference is worth examining. Here’s what
each provider brings to the table:

  • Wipro’s core competency is in operations. They offer support for the
    entire Oracle Identity Suite, but most of its experience is in Web SSO (a
    market in which it used to compete with its own product). This would seem to
    work best for organizations that already have an outsourcing relationship with
    Wipro, and those who are are specifically interested in (or indifferent to)
    using Oracle’s identity products.
  • Mycroft Talisen’s core competency is in implementation from the
    standpoint of integration and customization. It brings identity management
    expertise that covers all products and are vendor agnostic – it has a
    solid track record for all the major brands and products, and experience with
    many others. Its implementation expertise also takes form in managing the scope
    of application integration and business process design efforts. All its
    implementations are grounded in what Mycroft calls "Base Builds" for
    the various products that are on the market.  The approach speeds delivery
    and directs clients’ time and money to those things that are specific to their
    environments rather than to what has been repeatedly solved in the field.
  • Covisint’s competencies are in implementation from the standpoint of application
    integration and in the related area of federation interoperability. It’s
    technology expertise gets federation projects up and running more quickly from
    an application integration standpoint, while it addresses clients’ partner
    interoperability and the business trust issues through its role in managing a
    trusted network of connected organizations. Early interest and easy
    opportunities will likely come suppliers or partners of Covisint’s automotive
    clients. There are many other opportunities for market expansion – financial
    services, healthcare, insurance, government – that can follow, but in each
    vertical they will face the hurdle of finding an anchor tenant.

But what is
the real barrier to identity management adoption that managed
services removes? And which provider is in the best position to remove it?

  • Is
    Covisint right? Is federation adoption so disappointingly slow because
    companies are worried about competing standards? That is indeed a real concern.
    But the inability of most to draft a convincing business case, lack of solid
    identity infrastructure built out, and lack of eager partners with whom to
    federate, are the principal market inhibitors working here.
  • Is Wipro right? Is the operational overhead
    in maintaining a functionally rich identity management infrastructure holding
    back the market? Very doubtful. Otherwise, we’d see many functioning projects
    abandoned, scaled back, or already handed over to Wipro and other firms
    competent at wringing efficiencies out of working systems.
  • Is Mycroft Talisen right? Is it the unexpectedly or unacceptably high
    initial costs around application integration, systems integration, and
    business process and policy modeling that repeatedly cause organizations to
    reset initial expectations, miss project goals, or abandon their identity
    management endeavors altogether. I certainly think so. The operational
    component is needed and perhaps attractive, but the initial complexity and cost
    which are the inhibitors for IM adoption.

So my bet
is on Mycroft Talisen. And hats off to them for coming together with just the
right vision, with just the right approach, at just the right time. Their
combined expertise in id mgmt implementation and managed services/operational
support are just what’s needed to show the way towards identity management for
the masses. They certainly aren’t the only ones focusing on expanding the
market pie by making identity management more digestible, rather than just
selling more products: I see PwC’s precanned business processes for identity
management performing a similar value in a related realm.

To that,
all vendors and providers should look with some envy, but more with
appreciation. It’s a sad fact that after all this time, identity management
remains a set of technologies attainable only to the privileged few willing and
able to invest so much time, effort, and money. This is why it’s so frustrating
for us at Forrester to watch all these excellent thinkers and developers
focusing on such speculative concepts like user-centric identity when, more than
10 years after LDAP, most applications are still not even directory enabled and
the state of most organization’s identity data infrastructure remains one of
ghastly disarray. The promise of identity hasn’t been held back by vision or
technology, but by plain old market execution. Vendors too often reach for the
promise of the next big thing like children in front of a shiny new toy,
leaving customers with last year’s tattered and faded technologies that
fall far short of sustainability.

If Mycroft
Talisen succeeds, and we think they will, it won’t cause major disruptions or
displacements in the vendor or services landscape. Let’s put this in
perspective: I don’t expect Mycroft Talisen to reach Infosys-level
proportions. But many vendors and services firms will watch, learn, and
emulate. Managed identity services is precisely what we need to start expanding the addressable market for
identity management beyond the Global 2000 to a market more than ten times that
size. And for that, we heartily applaud each of these three vendors in
taking the first credible steps.