Today, provisioning is the core element of Identity Management. Most of the products which are usually named “Identity Manager” are built around provisioning, with more or less additional features. But will that be still the case some three years from now? There are several trends which will influence provisioning significantly. The most important ones are
- Reuse of existing IT infrastructure components
- Business Role Management
- Enterprise Information Management
There are disadvantages as well, notably the higher complexity and the missing domain-specific features for identity management in standard workflow tools. MDM (Master Data Management) and ESBs (Enterprise Service Bus) are other technologies which might be used instead of specific IAM tools.
Business Role Management influences the Identity Management market as well. Besides integrating role management features into provisioning products there is another market segment which really focuses on business role management, e.g. acts from a business perspective. A real business role management goes beyond IAM. The defined business roles might be consumed by several provisioning products in the enterprise. Having more than one provisioning is a reality in many larger enterprises today – and we will see more of these infrastructures with the growing importance of ESBs as a transport means. Furthermore, business roles are relevant for workflows, enterprise content management, the core business systems and so on. Thus, the idea of a separate layer of a centralized business role management will gain momentum.
Enterprise Information Management is another important aspect. In that context, identity management is just one infrastructure element, with provisioning as part of it. That means that there might be a market in which provisioning is sold as part of other solutions. It might appear as well that Enterprise Information Management relies on a strong identity management foundation which is built separately. But there is at least some probability that this will affect the role provisioning plays today.
That doesn’t necessarily mean that the provisioning market segment will disappear. I expect that there will two different markets:
- The market of modular provisioning components which reuse existing IT infrastructure components
- The market of packaged IAM suites
The market of packaged IAM suites will integrate more and more features into the “Identity Manager” products, providing more or less complete solutions. The market for these solutions are the mid-sized companies which require identity management but are, neither from the maturity of their IT infrastructure nor the capability to implement IT projects consistently based on a standardized infrastructure, able to really follow the first approach.
Thus we will see something which is built around provisioning even in three years. But there will be more lightweight implementations where the value comes from the knowledge of processes (e.g. best practices) and a broad range of connectors which can be used as well directly as in conjunction with ESBs. And there will be, on the other hand, products which provide a pretty complete functionality in addition to provisioning with more auditing, some role management, may be even some risk management and so on.
It is noteworthy that, with both approaches, the relevance and visibility of provisioning will decrease. Thus, provisioning won’t be the main differentiator in competition any more. It will be either the ability to flexibly act on and in existing IT infrastructures or the completeness of an easy-to-use identity management suite.
And, no surprise, this discussion will find its place as well at our European Identity Conference 2008, for example in the Track "IAM and SOA".