With the increasing demand for identity and access management (IAM) solutions, there have been a significant number of developments in the space. They vary from evolution of strategy and approach to innovation in functionality and technology. This article highlights three key IAM trends: the moves toward a platform- or service-centric focus, content-aware IAM and automated access request and access certification.
Oracle has done a respectable job of listening to customers and the marketplace, then refining its Oracle Identity Management product set accordingly. Some of the IAM trends discussed here are reflected in the evolution of Oracle’s product set. Others are likely to be addressed by Oracle, especially if the trend continues.
Moving to a service-centric focus
For years the distributed computing software industry has been moving away from monolithic application silos to shared services supported by service-oriented architecture (SOA). However, there is still significant work to be done in the area of IAM. While many applications have been created or retrofitted to support fundamental shared security services (e.g., directory services, authentication services, provisioning services), there is much work ahead to provide additional shared security services, such as authorization and fine-grained entitlements services. Many standards and technologies have been developed to support this need.
However, authorization and entitlement logic is still embedded in applications and needs to be abstracted so it can leverage a shared service. Oracle's Identity Management product suite (including Oracle Entitlements Server) is providing the foundation to solve this challenge and is being developed along with the rest of the Oracle Fusion Middleware Platform to take advantage of technology standards such as SOA composites and Business Process Execution Language. Additionally, Oracle can develop its Oracle Fusion Business Applications to leverage Oracle Fusion Middleware and, more specifically, the Oracle Identity Management suite.
Move to content-aware IAM
Another interesting development is the need for and transition to more content-aware identity and access management solutions. This trend is most obvious when considering the proliferation of collaboration software (e.g., SharePoint). However, it is becoming even more important and challenging in the context of information rights management (IRM) and data loss prevention (DLP) solutions, which are essentially designed to enforce that specific content does not get accessed by, modified by or sent to the unauthorized viewer.
The challenges of DLP are particularly elevated because DLP needs to address data in use, data in motion and data at rest. These three scenarios involve a broad number of devices and interfaces. Oracle is well-positioned to address IRM given it has a strong IRM system and a rich IAM offering. It remains to be seen how Oracle will address the convergence of IAM and DLP technologies or whether that trend will continue long enough to require additional attention and resources from Oracle.
Automated provisioning is too burdensome
This is a counterintuitive trend to many enterprises, as many championed automated provisioning for years as the solution to compliance challenges. However, many enterprises are realizing that this promise of fully automating provisioning and, hence, fully controlling and understanding your entitlements, can be a mirage. It often takes too much time and investment without producing the compliance results many are looking for.
The current trend is to focus on automating the access request process (capturing who requested what, when and who approved), and then automating the access review, or auditing, process. The access request processes can be infused with preventative measures and can be role-based. The access review process can also be role-based and, more important, it doesn't need to rely on live connectors to every system that requires inspection.
This approach gives enterprises with the ability to deliver on their compliance demands in a more timely and a cost-effective way while retaining the choice of which applications truly require automated provisioning (commonly "birthright" applications, critical applications and resources that are required by broad groups of users). In this area, Oracle provides a lot of flexibility and choice with Oracle Identity Manager and Oracle Identity Analytics. These are two industry-leading products that have been engineered to work together.
It should go without saying that the move to cloud (think boundary-less, but securely managed) computing is another significant trend in the marketplace. This trend has driven all relevant IAM vendors to address security for applications and platforms in the cloud as well as for applications and platforms being managed from the cloud. Oracle understands the value of cloud computing as well as the new challenges this paradigm presents. The company has developed many standards-based technologies and building blocks to enable several aspects of cloud computing. Continued investment in and maturity of the Oracle Fusion Middleware product set around cloud computing is expected.
Shawn Keve is a partner at Simeio Solutions, a systems integrator focusing on identity and access management. He has more than 18 years experience in the strategy, architecture, design and implementation of enterprise software.
This was first published in August 2011