A common identity and access management (IAM) decision-making theme in many organizations seems to focus on selecting a “Suite” of products, but there is some movement in the corporate world to think of creating an identity ecosystem where multiple brands of products may be introduced in order to better solve corporate challenges. Only you can make appropriate decisions around your organization’s needs, and there are situations where a multi-vendor approach makes sense vs. committing to a single suite.
The lure of tighter integration would obviously factor into grouping various products under a single vendor’s suite. However, not every identity and access management product needs to be tightly integrated with every other product. Integration needs often depend on the level of features you require across your various solutions. That being said, it is very common for organizations today to select a different password management product from their core user provisioning solution. Or, they may choose a cloud SSO solution with a different brand from their password management system. Or, their access governance tool might stand-alone from their access management system.
With this type of vendor diversity across real-world IAM implementations, unfortunately the analyst world focuses on rating entire product suites rather than individual product capabilities. Because of the search for one size fits all solutions, ratings are skewed to favor the largest vendors who simply possess the ability to play across every aspect of identity and access management. It is silly to think a single vendor can truly offer the best individual products for an organization in every category of identity management. Yet, the largest firms consistently rise to the top of analyst ratings, because of criteria such as sales channels, breadth of products categories, revenue, global reach, etc. etc.
Clearly, if you don’t need every product in a full identity and access management suite, it’s time to rethink your product research approach to focus on only the product categories you need.
While tight integration favors a suite approach, the flexibility of migrating off of different technologies at different times plays into a segregated ecosystem approach. Putting all of your eggs in one basket can introduce challenges when minor updates are required in just one area of IAM. Also, what happens when your massive suite installation suddenly becomes unsupported, like with Sun, or undergoes an architecture change that requires a complex upgrade? In many situations, organizations simply start over and implement an entirely new, different and costly solution.
SUITE! Pour some sugar on IAM
If you can find an identity and access management suite meets your needs or at least your definition of the 80/20 rule, then you can definitely realize several benefits. A simplified consolidated infrastructure, lower support costs, tighter integration; simplified architectural standards, focused vendor management and potential lower licensing costs are just some of the benefits. Organizations who fit into the “Suite” model typically possess a simplified Directory environment that is well-defined and drives most of their authentication and authorization needs. They most likely also leverage standard off-the-shelf applications and have full knowledge of their internal custom apps, which enables seamless integration with an identity management system. Additionally, a self-service corporate culture also helps to ensure a successful implementation.
ECOSYSTEM! Best of Breed
What happens when an organization requires more specialized needs or is struggling to recover from years of lazy acquisition integrations? Perhaps, they even rely on 5-10-20 different Directories. Typically, they possess unique identity and access management product requirements that differ across different business units. In this situation, their identity management readiness simply might not allow for a successful “Suite” approach. Forcing a single suite into an environment that simply is not ready is project suicide. A better approach calls for equal amounts of consolidation and cleanup work along with targeted identity and access management technology deployments addressing specific business needs.
Whichever route is taken, the standard “process first, technology second” approach should be taken across your entire IAM program. Fully understand your requirements and pain points before shopping for the latest shiny technology tool. At the same time, truly think about your integration must-haves. Determine if you want to be committed to a single suite or the option to leverage multiple vendors to address your identity and access management challenges.
Learn the role IT automation and business driven self-service administration play in creating lean operations. KuppingerCole’s Assignment Management — Think Beyond Access describes the shift in IT operations from tightly controlled identity management processes to workflow enabled administration.