Analyst Chat

Analyst Chat #75: Get Rid of IAM Siloes

Martin Kuppinger joins Matthias for a first hybrid audio plus video episode of the Analyst Chat. They talk about horizontal (capabilities like AM, IGA, and PAM) and vertical siloes (identities like things, robots, customers, partners, or employees). And they lay out a proper approach to strategically get rid of these siloes in the long run.


Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias. I'm senior analyst and lead advisor here at KuppingerCole. My guest today is Martin Kuppinger. He is principal analyst here at KuppingerCole, and he's one of the founders of KuppingerCole. Hi Martin.
Hi Matthias. Pleasure to be here with you for our first video podcast.
Absolutely. And this will be, uh, an interesting session. We are hopefully learning lots of how to do video podcasts, but without further ado, just start with our topic. And I hope the audience would enjoy that. We want to talk about, um, getting rid of IAM silos. And this is really an important thing that we see in our daily life as advisors and analysts when talking to end user companies. But also when we talk to vendors, um, when we talk about silos, what type of silos do you see in real life when you talk to people?
Yeah, I think there are, there are a couple of silos. First, there are silos of identity lifecycle management, um, access governance. Then we have access management, web access, federation, all that stuff, and then we have the silo of, um, uh, privileged access management, for instance. Then we have another, a group of silos, um, which are, we have consumers and customers. We have partner identities, we have employee identities, things that other six devices might add to that. And we even may think about a certain group of silos, which is, for instance, if you look at SAP environments, then a lot of fun to be doing identity management and access governance, to lists sort of a silo. It's the, so to speak, the SAP silo we have here. And so there aren't really many silos I'm resulting in, um, fragmented IAM installations, fragmented IAM strategies, fragmented IAM organizations at the end of the day.
Okay. And if we look at a different dimension when it comes to the silos, um, are there, um, yeah, when we look at the different types of identities that we look at and we look at the way how they are managed within the infrastructure of a larger enterprise, that really means that we get to a kind of, yeah, matrix organizations though that, um, customers are starting with one system and enterprise employees start in another system, which just includes, uh, increases the, the, the amount of fragmentation and the silo aspect.
Yeah. And I think we should, that's in metrics, it should say can a more consistent, comprehensive concept, which we call at KuppingerCole the identity fabric. Um, so there's this more deep concept which unites, um, the different flavors, different, um, aspects of identity and access management into, uh, into a single, into a consistent, um, but also very comprehensive, um, sort of time of blueprint, paradigm, what you'd like to name them. Um, and I think from an organizational perspective, it is also about understanding that the organizational complexity will go down if we get rid of silos, not up, because currently we have still in many organizations that we have the situation that we find, um, for instance, um, identity lifecycle management department and an access management department in different areas, or that privileged access management is in a cybersecurity department while IAM is in the infrastructure department. I think we need to get rid of that. And that is what we really can do successfully if we think about which silos, if at all, do we need.
Right. But what does that also mean for the organization within an organization to the structure of how people collaborate with each other and does this mean that we need to bring all these people together in a central organization or does that mean that we make sure that they are properly communicating?
Yeah, so, you know, and I think you did probably more organizational diagrams in your advice river, then the night more, the research side at the end of the day. But I think when we look at our standard IAM organization picture, for instance, then this Patriot is that we have, um, a three-tiered organization from operation center development, part dollar at the bottom to the it dim functional aspects. So, so really running, maintaining versus doing the more technical things to the upper layer, which has governance and riches to interactions, to business departments. And that concept basically maps to all flavors of identity and access management, trusted. They are different part is that we didn't clearly have some, some areas modern ones, by the way, at the top level, we have also this common announcing, which then might be for instance, a CSO organization, factually while other parts are really within the IAM organization, but the lower parts of the picture that again, could be an IT operations and IT service, um, part of our organization. So it doesn't mean that we could, we need to have a, um, a super complex organization, but I think we need to unify and end up with a central IAM organization. That probably is bigger than the common IAM organizations that are into various types of business and organizations are so it will grow, um, no doubt about it. Um, but I also strongly believe in IAM as sort of an individual department, aside of cyber security, aside of infrastructure, because it's so essential for every single want to be. You're talking so much about am ditch identity being D D the essence that, that maybe most important thing in a digital transformation. So yes, let's go for something which really helps us dealing with identity access and every single rod.
Absolutely. And when you say that we should have a central IAM organization at the core coordinating the way how IAM is executed within an organization with some satellite departments that are communicating with this. Um, the, the model of the identity fabric that you mentioned, I think is really important on our, on an organization's way towards achieving this better way of organization and better way of structuring, designing, uh, an infrastructure beyond silos. So when we look at this identity fabric concept, um, we usually say it's a very simple approach that just enables every identity to access the resources, the systems, the processes, the data that they need access to, and by defining well delineated, well-defined services that communicate with each other through standardized platforms and standardized APIs, um, we get to a solution that is on the one hand, uh, stable, and on the other hand, scalable. What else are characteristics that you think are important when getting rid of the IAM silos, which are better when you use an identity fabric approach than any other approach?
Yeah, I think, you know, it starts with the simplest fact that authentication happens everywhere. So you authenticate, Chris, you were some customers and business partners and employees, you also authenticate machines and so on. So why there are basically two types of authentication. One is the sort of, um, active interact, interactive authentication by humans. The other is the system to system in some ways. So that could be honestly, you've been interacts with it's, it's the smartphone and the smartphone and the app on the smartphone doesn't interact. So to speak, um, app to app or system to system, um, with the other side. But at the end, it's always the same. And it's always also unique processes for managing, um, identities, for managing identity relations for all that stuff. It's always, uh, at the end, harass a symbol or sing we are doing. And so I think that the attraction of going away from silos is that you also become faster and more efficient in having less redundancy in your technology, better reuse. That doesn't mean that this is only a single authentication solution, but it's very few instead of many.
And I think this is an important thing. And you know, my, one of my favorite examples is always around business partner identity management, um, uh, business partner can be very close to an employee. If it's a contractor who stays in our organization for maybe even two or three years, then onboarding will be very close and access management will be very close to the employee. If it's a partner that is just coming in very occasionally, then it's a very different kind of by being far closer to a customer than to an employee. And, um, so if you try to invent everything again, you, for every new use case and then software robots come into play, how do we deal with software robots, not that different than we deal with other identities. So why should we start again, building a new identity management? I know a lot of organizations struggling with software robots, but also because there's a lack of reuse in what you're doing. And I think this is where we can really benefit from. And, um, it's also, you know, about learnings. Um, what, why should you do the mistake and manage the same mistake again and again, in many silos?
Absolutely. And you mentioned reuse, and I think that is also an important aspect to look at everybody today is talking about the concept of trust and implementing zero trust relies on, on services, on capabilities and functions that are provided somewhere in the organization. And many of those are in identity and access management. So having these processes, for example, a strong authentication, a strong, reliable concept of identities that are trustworthy and have proper attributes to use. And this is something that, um, implementing a zero trust approach can really benefit from and can be much quicker as you said. So really this time to production can be much quicker when you have clearly defined services, rather than silos across all identities that want to use zero trust. And I guess that should be all, and that they really get access to a proper infrastructure to use for zero trust. So reuse is key, I think.
Yeah, no doubt.
When we, when we come to, to this concept of the identity fabric and, uh, our audience wants to have a closer look now that they can see us. I have a closer look at this topic. What kind of research have you provided recently that could help them in learning more about the identity fabric and on their way of getting rid of silos?
Yeah, so I think one important piece is the replay of the keynote I did for the first of the second KCLive event we did in 2020, um, where I talked about the concept of the identity fabric. Um, the, um, second very important piece of it is our relatively new Leadership Compass on identity fabrics, uh, to be clear and that Leadership Compass, it doesn't say, this is the one tool you need for an identity fabric. It just looks at platforms which provide a relatively broad set of capabilities as a foundation for building your own custom identity fabric. And so these are some, two of the collaterals, which are very worth to look at. And I think UNTS all I could mention a couple of leadership briefs you've written about that.
Absolutely. As it more, the groundwork, the foundation material that is available, there are two leadership briefs that are on the one hand explaining the identity fabric as a concept in general, which is a four pager, which is, um, very simple to, to read very quick to read, but hopefully offers some insight into the overall concept. And then another leadership brief that does the same and extends and elaborates on that when it comes to looking at identity as a service infrastructure, as a part, as an implementation of the identity fabric. So these would be two additional documents maybe to start with in the beginning and then to, to drill deeper into the platforms that enable you to implement an identity fabric rather than going with a, with a more or less a monolithic solution.
Yeah, but, but to be clear, I think the identity fabric is sort of what the technical, the architectural paradigm, the logical structure of how you, however, world that is less siloed for identity management looks like the other side is really looking at the IAM organization, looking at the overall IT organization and understanding that there's a need for a central IAM organization. Um, another need for many silos in that space.
Absolutely. And I think that's a great final word for this first video episode of our podcast. Thank you very much, Martin, for being my guest today. And I'm looking forward to talking to you soon and then talking to you face to face.
