Are We Ready For Managed Identity Services?
There have
been several announcements recently around identity management as a
managed service:
- Oracle
and Wipro are going to market together with managed services supporting Oracle’s entire portfolio of identity
management products. - Covisint
launched its Trusted Identity Broker, an outsourced service that helps organizations quickly deploy
federation and connect to partners through Covisint’s established and
successful federation hub. - Mycroft
merged with Talisen and the new company, Mycroft Talisen, is blending identity management system
integration with outsourced operations. For those who don’t know these
companies, Mycroft is a boutique
integrator focusing on identity management, and has been involved in some of
the more envelope-pushing deployments, though it is their expertise and
efficiency in implementations for the rank and file that have brought them the
greatest success. Talisen provides managed services in Network and
Security Systems Management, and consulting in BPM and IT Process/ITIL.
Each has a
different perspective on the challenges of identity and the value proposition
they offer; and that difference is worth examining.
each provider brings to the table:
- Wipro’s core competency is in operations. They offer support for the
entire Oracle Identity Suite, but most of its experience is in Web SSO (a
market in which it used to compete with its own product). This would seem to
work best for organizations that already have an outsourcing relationship with
Wipro, and those who are are specifically interested in (or indifferent to)
using Oracle’s identity products. - Mycroft Talisen’s core competency is in implementation from the
standpoint of integration and customization. It brings identity management
expertise that covers all products and are vendor agnostic – it has a
solid track record for all the major brands and products, and experience with
many others. Its implementation expertise also takes form in managing the scope
of application integration and business process design efforts. All its
implementations are grounded in what Mycroft calls "Base Builds" for
the various products that are on the market. The approach speeds delivery
and directs clients’ time and money to those things that are specific to their
environments rather than to what has been repeatedly solved in the field. - Covisint’s competencies are in implementation from the standpoint of application
integration and in the related area of federation interoperability. It’s
technology expertise gets federation projects up and running more quickly from
an application integration standpoint, while it addresses clients’ partner
interoperability and the business trust issues through its role in managing a
trusted network of connected organizations. Early interest and easy
opportunities will likely come suppliers or partners of Covisint’s automotive
clients. There are many other opportunities for market expansion – financial
services, healthcare, insurance, government – that can follow, but in each
vertical they will face the hurdle of finding an anchor tenant.
the real barrier to identity management adoption that managed
services removes? And which provider is in the best position to remove it?
- Is
Covisint right? Is federation adoption so disappointingly slow because
companies are worried about competing standards? That is indeed a real concern.
But the inability of most to draft a convincing business case, lack of solid
identity infrastructure built out, and lack of eager partners with whom to
federate, are the principal market inhibitors working here. - Is Wipro right? Is the operational overhead
in maintaining a functionally rich identity management infrastructure holding
back the market? Very doubtful. Otherwise, we’d see many functioning projects
abandoned, scaled back, or already handed over to Wipro and other firms
competent at wringing efficiencies out of working systems. - Is Mycroft Talisen right? Is it the unexpectedly or unacceptably high
initial costs around application integration, systems integration, and
business process and policy modeling that repeatedly cause organizations to
reset initial expectations, miss project goals, or abandon their identity
management endeavors altogether. I certainly think so. The operational
component is needed and perhaps attractive, but the initial complexity and cost
which are the inhibitors for IM adoption.
So my bet
is on Mycroft Talisen. And hats off to them for coming together with just the
right vision, with just the right approach, at just the right time. Their
combined expertise in id mgmt implementation and managed services/operational
support are just what’s needed to show the way towards identity management for
the masses. They certainly aren’t the only ones focusing on expanding the
market pie by making identity management more digestible, rather than just
selling more products: I see PwC’s precanned business processes for identity
management performing a similar value in a related realm.
To that,
all vendors and providers should look with some envy, but more with
appreciation. It’s a sad fact that after all this time, identity management
remains a set of technologies attainable only to the privileged few willing and
able to invest so much time, effort, and money. This is why it’s so frustrating
for us at Forrester to watch all these excellent thinkers and developers
focusing on such speculative concepts like user-centric identity when, more than
10 years after LDAP, most applications are still not even directory enabled and
the state of most organization’s identity data infrastructure remains one of
ghastly disarray. The promise of identity hasn’t been held back by vision or
technology, but by plain old market execution. Vendors too often reach for the
promise of the next big thing like children in front of a shiny new toy,
leaving customers with last year’s tattered and faded technologies that
fall far short of sustainability.
If Mycroft
Talisen succeeds, and we think they will, it won’t cause major disruptions or
displacements in the vendor or services landscape. Let’s put this in
perspective: I don’t expect Mycroft Talisen to reach Infosys-level
proportions. But many vendors and services firms will watch, learn, and
emulate. Managed identity services is precisely what we need to start expanding the addressable market for
identity management beyond the Global 2000 to a market more than ten times that
size. And for that, we heartily applaud each of these three vendors in
taking the first credible steps.