IAM in the Cloud Drives Channel Opportunities, Challenges
The identity access management (IAM) market pretty much languished on-premise. Most IT organizations were fairly content to manage passwords via Microsoft Active Directory.
However, with the rise of mobile computing and shadow IT services, all that has fundamentally changed. Now many IT organizations are desperate to leverage IAM services in the cloud to help regain control of their environments. This creates potential opportunities for the channel, but those opportunities aren't always clear-cut.
Thanks to the "consumerization of IT," end users are regularly using services outside the internal IT organization's control. Naturally, that creates a major IT security and governance problem. IAM provides the capabilities that IT organizations need to figure out who is accessing what services when both inside and out of the enterprise—hopefully, before an auditor figures out that the company needs to be assessed a penalty for violating one compliance requirement or another.
While IAM can obviously be deployed on-premise, the complexity of setting up IAM is pushing many customers to adopt IAM as a service. The degree to which IAM winds up in the cloud depends largely on the vertical market and how that organization feels about capital versus operating expenses when it comes to IT. But IAM clearly is creating something of a boon for solution providers that specialize in setting up those services.
"Identity management is a rapid growing space for us, said Chad Whitney, director of sales engineering at FishNet Security, a solution provider that specializes in IT security. "Right now, depending on the vertical, it's about an even mix when it comes to deploying IAM in the cloud versus on-premise."
One of the bigger challenges facing solution providers is that a lot of vendors try to sell IAM both direct and through the channel. Whitney noted this is an issue for the channel partner, not only because of the competition it creates, but also because it eliminates the opportunity for the solution provider to engage the customer about other potential IT services.
"For us, IAM creates an opportunity to get in front of the customer to sell other services," said Whitney. "When a vendor sells IAM direct, the only thing they are interested in is that one product."
One of the trends that may exacerbate that issue even further is that IAM is starting to be bundled inside larger solutions. Vendors such as Oracle and IBM, for example, have a major focus on IAM as a component of their mobile application development platforms (MADPs). In the case of Oracle, the identity management capabilities of Oracle Identity Manager are already baked into the Oracle Mobile platform.
IBM, meanwhile, just acquired a unit of Lighthouse Security Services, one of its business partners in the channel, to gain access to technology that simplifies the IAM on-boarding process. Based on the IAM technology that IBM offers via its Tivoli portfolio, the Lighthouse technology makes it a lot simpler to deploy IAM via the cloud, according to Latha Maripuri, director of worldwide security services at IBM.
"The on-boarding process when it comes to identity management can take forever," said Maripuri. "Lighthouse developed technologies to automate that process."
Eventually, those identity management services will be exposed both through the IBM Softlayer cloud and the IBM MADP platform that currently provides mobile application management capabilities delivered via the Fiberlink Communications arm of IBM.
Despite those efforts, however, FishNet Security's Whitney said many vendors fail to take into account the simple fact that most customers want a single IAM solution that can be as broadly applied as possible. As such, FishNet Security has been reselling an IAM service developed by Centrify.
"The customer really only wants to have to manage one IAM solution," Whitney said. "A lot of vendors don't seem to appreciate that."
Bill Mann, senior vice president of products and chief product officer at Centrify, said that even though the number of IAM services in the cloud is rapidly expanding, there's a major difference between IAM offerings that were built from the ground up for the cloud, versus IAM implementations that were originally built to be deployed on-premise and are just now being redeployed into the cloud.
"One of things that has limited the adoption of IAM was the need for all the professional services required to make it work," said Mann. "A service built from the ground up for cloud lets organizations manage identity for and from anywhere via a single pane of glass."
IAM services in the cloud are clearly expanding a security opportunity for solution providers in the channel by reducing the complexity associated with deploying IAM solutions. The challenge facing solution providers now is finding a way to seize that opportunity before some other solution provider beats them to it.
Michael Vizard has been covering IT issues in the enterprise for 25 years as an editor and columnist for publications such as InfoWorld, eWEEK, Baseline, CRN, ComputerWorld and Digital Review.