Frank Villacencio EVP Identropy

It’s that time of the year again.  In fact, it’s a little past the time when industry experts crawl out of the woodwork to offer their thoughts on what lies ahead.  When it comes to a discipline as complex and fluid as Identity and Access Management (IAM), predicting what trend is going to “cross the chasm,” and when, is at best a highly inexact science. However, for the sake of setting some industry benchmarks, here are a few topics that anyone who cares about identity and access management should be tracking in 2012.

1)  Identity Intelligence comes of age: According to Earl Perkins of Gartner, Inc., “IAM intelligence represents the ability of IAM tools and process to (a) build effective repositories of identity information for IAM systems to use, (b) collect and correlate information about the IAM events that occur throughout the system with other important security events and information, (c) provide a means to monitor, analyze and report on what is happening within the IAM world for a number of constituents.”

The goal is to apply serious analytics to identity information that delivers business value to the organization.  For example: a manager goes to an IAM portal to request creation of a new contractor working in her team and the system "suggests" the kinds of access that the contract may need based on the data already in the system and some applicable business rules. This helps the manager be more efficient, helps the organization better manage access, and ensures the end user has access to the resources she needs to do her job. 

Over the past 18 months, “next-gen” access request applications have been introduced to market, bringing with them the promise that more intelligent and efficient access request processes will materialize.   Furthermore, the maturity and greater sophistication of role management products have allowed organizations to make good sense of what bundles of access should be made available to drive the business, and leverage this information in ways that expedite key IAM functions such as on-boarding, transfers and termination of users.

These are just two factors that indicate the tipping point for Identity Intelligence is not as far off as many (including myself) once thought.  The level and pace of innovation in this area is enough to expect great strides in effective and business ready Identity Intelligence in 2012, most likely delivered as a service.  

2)  Consumer Identity Brokers prepare for prime time:  An Identity Broker, or “i-broker,” as referred to by Wikipedia, is “a trusted third party that helps individuals and organizations share private data the same way banks help exchange funds and ISPs help exchange e-mail and files.”  Think of PayPal as an identity broker for online shopping, or Facebook for information sharing on the Internet.

While the concept of identity brokers is easy enough to digest, making it work in a user friendly and privacy enhancing way is not so easy.   It is widely accepted that identity brokers should be advocates of consumer privacy and protection.  PayPal’s Andrew Nash perfectly encapsulated this requirement in his (Asimov-inspired) three laws of Identity Brokers:

1. An Identity Broker may not injure a consumer, or through inaction, allow a consumer to come to harm.
2. An Identity Broker must obey orders given by consumers, except where orders would conflict with the first law.
3. An Identity Broker must protect its own existence as long as such protection does not conflict with the first or second law.

While Facebook has carved out a role for itself as the identity broker most trusted by consumers in social networks, it is fair to say that these laws are not its guiding principals, as seen by consumer revolt over Beacon and other privacy issues.   Additionally, it is highly suspect that Facebook or rival identity brokers such as Google or Microsoft will be viable or trusted outside of social network transactions. It will be interesting to se how much progress we make in the coming year working through key issues such as:

• What use case or service will push use of identity brokers forward? 
• Who pays for what?  
• Who will regulate the integrity and security of identity brokers?  
  

3) Behold the proliferation of the Managed Identity Service Provider (MISP)

Just as the complexity of network security gave rise to the Managed Security Services Provider (MSSP) market (estimated by Forrester to be a US$4.5 billion market), the pain associated identity management has given rise to a similar trend.  IAM specialists are now capitalizing on their expertise, delivering variety of specialized offerings including dedicated, hosted IAM services.   Like any nascent market, there are several acronyms being used to frame this market, including IDaaS (Identity as a Service) and MIS (Managed Identity Services).  We believe that this market will explode in 2012 with a variety of players entering in to the fray consisting mainly of software vendors offering hosted versions of their on-premise offerings, VARS specializing in Identity Management expanding into the hosted services market, and entrepreneurs opening up dedicated shops.  Either way, the demand for specialized IAM services will explode in 2012, giving rise to the emergence of a much-needed new breed of service provider – the Managed Identity Services Provider (MISP.)

How close to the mark these predictions are, only time will tell.  Regardless, one thing I am sure of is that 2012 is sure to push the envelope forward when it comes to matters of digital identity, and we at Identropy are glad to be a part of it.