At the last Digital ID World conference, I bumped into Douglas Anter by sheer luck at the Ping Identity party. He is responsible for Public and Analyst Relations at Compuware, the company that owns Covisint. Whether I would have some time for a briefing, he asked. You bet! I said.
I already knew that Covisint runs one of the largest federation networks for the automotive industry - tying together a large network of car manufacturers, the whole supply chain and retailers. But I didn't have the full picture yet, so I was eager. Well, as eager as you can reasonably be expected to be considering the aftermath of yet another of Ping's legendary parties and the fact that our "briefing breakfast" was scheduled at 9 AM. I met Doug, Todd Foland and to my pleasant surprise also Dan Beckett, who I remember from my previous times at Symlabs - he used to work for Dewpoint, an Identity Management consultancy in the US Midwest.
Covisint was founded in 2000 in order and one of its first undertakings was to manage an on-line auction for components used in the automotive industry. That auction was not popular - margins within the industry were already razor thin, and an auction to drive prices down even further was not met with a lot of enthusiasm.
Covisint quickly recognised the potential of connecting manufacturers for integrated supply chain management, and set up a large exchange for the automotive industry - which all but supplanted the ANX (automotive Network Exchange) that was set up in 1995 by the Automotive Industry Action Group.
At the outset, federation standards hadn't emerged, so Covisint developed a proprietary approach to federated single sign-on. As the SAML evolved and became standardised, Covisint subsequently adopted it. Building upon the OpenSAML platform, Covisint built a platform of components that can be assembled into customer- or industry-specific solutions to cope with the massive amount of federated logins. To streamlining the management of federation agreements and trust relationships, Covisint built a comprehensive suite of management tools. Diversification was next - what had been accomplished for the automotive sector could now be replicated for other industries seeking to build integrated exchanges to enable supply chains and drive down costs. The hottest market for Covisint is currently health care. Whilst revenue is growing at a healthy 44% overall, the business from the health care business is currently growing at a whooping 70% p.a.
Covisint's Trusted Identity Broker is now in its third year of usage for a nationwide Law Enforcement deployment, sponsored by the US Department of Justice, and providing IdPs and SPs the ability to share information across federal, state, and local law enforcement organizations. Covisint is also involved in nascent activities in other vertical industries, participating on federation and identity working groups, and driving solutions targeted to specific industry needs, including Financial Services, Pharmaceutical, and Energy. Whilst I will be focusing mostly on the identity management service offerings, Covisint offers other business-related services in the areas of Collaboration Portals and Enterprise Messaging, which according to Covisint derive benefits once a federated identity solution is in place.
Covisint has certainly managed to address several pain points in federated networks. For one, running a complex federation network between multiple partners is a major undertaking - a good candidate for outsourcing by subscribing as a service. When the federation network is between one or few large organisations (hubs) with many smaller endpoints (spokes, or in the case of the automotive industry - suppliers), external identities and federation agreements must be managed. Smaller organisations do not typically have the knowledge or the mechanisms in place to do so, in which case Covisint hosts the identities and allows organisations to manage them in a delegated fashion. In fact, Covisint runs the largest Identity Management-as-a-Service (IdMaaS) network in the world, partly by integrating with large organisations' internal Identity Management systems, partly by hosting identities itself and providing delegated administration to smaller organisations. Especially for smaller or medium enterprises, this provides an advantage in Total Cost of Ownership (TCO) - participants can often realize a greater degree of functionality and reliability than they could afford to deploy on their own.
Another major pain point is the mapping of data in exchanged messages - in the case of complex federation agreements; this is often related to part within SAML messages that deal with context and privilege or group information. Covisint here has the advantage of long experience in exchanging EDI and XML messages, converting and mapping data contained in them, so mapping and translating SAML messages was a natural extension of their legacy capabilities.
At Kuppinger Cole we are seeing growing demand for "Identity as a Service" from two segments: small and medium enterprises, and large federated circles of trust. The appeal for IaaS for small and medium enterprises is clearly the possibility to outsource a business functions that would be more cumbersome to maintain in-house. Identity is not an obvious candidate for outsourcing, as identity management solutions for small and medium enterprises are more ad-hoc and less regulatory pressure. However, as the trend towards Software as a Service (SaaS) and cloud computing continues, identity management must be extended outside of the enterprise, and IaaS becomes a natural fit. The appeal for large federated circles of trust lies in the fact that the maintenance of a large or complex federation is costly and time-consuming, hence a well placed target for outsourcing.
Companies such as Covisint that offer IaaS services are enjoying a healthy grow in revenue and we expect competition in that segment to increase, specifically as large players will begin to offer IaaS services through their cloud computing offers.