For years identity management has been like the weather: IT pros might talk about it, but they've never done anything about it. That's finally changing.
In an age where SaaS is assumed to be part and parcel of IT services, and users are coming into the network on a variety of devices and from different locations, identity management has finally become a sharp enough pain point to get the attention of IT planners. At least that seems to be the feeling at the Interop New York conference happening this week.
Wednesday's three keynote presenters, including the CIO of New York City, a top cloud evangelist for Microsoft, and Cisco's mobility chief, all included at least some discussion of identity management in their presentations.
It's not hard to see why. IT pros are users too, and they're no better at remembering dozens of user names and passwords than anyone else. If for some reason they don't feel it personally, a simple glance at the top helpdesk issues in almost any organization will bring the problem into focus.
But the job of actually fixing the problem has historically been problematic. Fixes have been both expensive and less than universal. That's not exactly a formula that places the technology at the top of IT's list of things to do.
Microsoft's answer has always been that the world should revolve around Active Directory. That's now changed, at least from the point of view of Microsoft's cloud chief. In demos at the Interop show, Microsoft showed how Facebook authentication (and its peers) could be used with applications developed in Azure. That may not sound very appealing to IT types, but that Microsoft is open enough to work with third-party authentication sends a strong message about what it'll take for SaaS vendors to flourish in the enterprise.
IT pros now routinely understand the importance of extending identity management outside of their own organization. In our recent survey, less than a quarter of IT pros said they wouldn't extend identity management's reach outside of the company, but of those, slightly more than 50% said that they didn't see a reason for it. It's the rare business that isn't either using SaaS apps, or letting external users access some resources, or that doesn't want to access resources of partners. Chances are very good that there's a good reason to extend identity management past just the company.
Cisco, for its part, talked about the need for user, device, and location authentication. With typical users running around with laptops, smart phones, and now tablets, it's not hard to imagine sets of policies that depend upon who you are, where you are, and what sort of device you're using.
I'm not completely convinced that Cisco should be the engine for creating those policies, or for enforcing them--at least not in whole--but the network should be the conduit for collecting the user's particulars and presenting credentials for authentication.
For IT teams, the bottom line is that if you haven't got an identity management scheme in place--one that supports single sign-on for both internal and cloud-based apps--now is the time to figure it out.
Since this policy will affect end users, and the selection of items including SaaS applications, corporate execs and line-of-business managers need to be brought into the policy discussion. If the app doesn't meet your authentication requirements, then you need to pass on it--no matter how cool it is--and your business-side colleagues need to understand that.
Telling them about an identity management policy only when you're about to prevent their use of a chosen SaaS app won't win you any friends.