A couple of weeks ago, while reading over some comments on LinkedIn, I was chuckling to myself. One person was saying that we had had SSO, Provisioning and Federation and now was waiting (read bored) for the next great thing to come onto the horizon. This blog will focus on the horizon.
The message from me to readers on message boards like LinkedIn is to wake up and smell the coffee. Having more new tools isn't going to make a revolution. Figuring out how to take the tools and apply them to the mass market, now that's a revolution.
Over the past decade, most large Fortune 500 enterprises have adopted some form of identity management. We are now in the wave of the Fortune 2000 type enterprises adopting identity management. This includes utilities, municipal , state and federal governments, etc. All of which makes for the beginning of the fat portion of a bell shaped adoption curve.
The challenge is figuring out how to get the tens of thousands and hundred of thousands of small businesses in each country to partake in identity management. Now that's a revolution when it occurs.
However, like all revolutions, making this occur isn't easy. You can't take people like me, who charge and make all kinds of money, and companies like Oracle and IBM to go into a small mom and pop store and bill them to implement identity management. They would likely tell people like us to "piss off".
First of all, why should they even care about identity management. Looking down the road, I see several reasons why:
* Federation with other manufacturers - a lot of industry today has parts and components made in very small companies which are then integrated into larger components. The ability for a company, their application (like CAD/CAM) or a worker to instantly log on and interact with other companies applications, inventory management, shipping, billing and finance requires streamlined, simple, identity management.
* Services with clients and customers - the same as above also applies to the service industry. As larger enterprises out-source much of their non-core services to small businesses, it requires the ability to authenticate, authorize and audit sessions on different enterprise systems. Again, all of this requires simple, streamlined identity management.
* Government - as more and more government services become digital, it will help the company and its workers in being able to quickly and seamlessly interact with the government services. Again, some form of identity management is required.
Most small enterprises are not going to know anything about identity management. To them it will simply be a service/toolkit. Here's how I envision this to occur over the next ten years:
1. Cloud and Payroll/Contract as a Service - many of the small business computing will be done in a cloud environment and/or using out-sourced, inexpensive services. It's much easier for the business to support. As things like payroll gets put into the cloud, in a low cost, easy to use way, then I see opportunities opening up for identity.
2. The authoritative source for identities in most enterprises is the payroll or contract system. Once small enterprises begin to adopt cloud and payroll/contract as a service offering, then identity providers can quickly take advantage. They can tie into the services, in pre-determined ways, using tools like virtual directories to quickly create enterprise directories and identity management systems. The companies who will offer this service will be new start-ups and, I believe over time, financial institutions.
3. Federation - the small business will sign contracts with their identity providers determining who gets hit financially and legally, when a identity federation goes wrong. Over time, I believe that the vast majority of this will become main stream (but certainly not overnight!). With the contract, the identity third party will act as the "middle-person" and federate the identities between the small business and their suppliers, customers, etc.
4. De-provisioning - one of the many problems in all businesses is ensuring that an identity's privileges are quickly removed when the identity is terminated or goes through a role change. By tying the identity to the paycheck, I believe that this will solve much but not all of the small business provisioning problems. When an identity is no longer getting paid, the identity management third party will automatically terminate access rights.
I don't mean in the above, to simply gloss over all the many, many challenges in creating this. However, it is the application of the existing technologies in new ways that will create a huge uplift in identity management. This includes wrestling with all the legal and liability challenges. It also must address the numerous security issues in cloud computing.
The identity management I'm talking about is more of a service than a large suite of software installed in the small business. Like all revolutions, it will take many efforts, some successful and some not. However, there is a big change coming. Vendors and consultants would be wise to think about this in new ways of applying their technology instead of waiting for some thing new that is going to keep them employed.