The Commoditization — and Future — of Identity
Identity is everywhere. You have a social identity, a corporate identity and since the emergence of cloud applications, the number of identities has skyrocketed. These identities are based on personally identifiable information such as social security numbers, dates of birth, credentials, fingerprints, retina scans among others.
The number and complexity of identities is increasing, yet many single sign-on providers are only offering basic capabilities for the most used apps. Why? Because the industry today is focused on the lowest common denominator features and solutions, thus looking at the short-term, not the long-term opportunities available to both their business and their customers’ businesses. That may work for some companies but many businesses in this increasingly cloud-forward world need more flexibility. They need the flexibility to integrate their own apps. The flexibility to allow their users participate in managing their own security. The flexibility to get their arms around the hundreds of apps that power their business. As a result, they may need to be prepared to spend significantly more of their budgets on implementing customized solutions or just simply accept the fact that they will be using an solution that feels like a square peg in a round hole.
Most identity vendors alleviate the commonly felt issues, such as password proliferation and Shadow IT, by handling single sign-on federations, network monitoring or personal password management. But businesses are still left with issues like integrating with the long tail of cloud apps they use and their own internal apps. Additionally, businesses need vendors that enable governance, administration and authorization in addition to just single sign-on and authentication.
Basic identity management in its current state is a commodity. But there are aspects of identity management that have not been addressed by current solutions. As the founder of a cloud-based identity platform, I believe there are tremendous opportunities for the future of identity.
So what does the future of identity look like? I believe that organizations are looking for innovative vendors who help with the following three pillars in addition to solving the common issues:
- Flexible Deployment Models — With technologies like containerization and hybrid public/private cloud deployments, organizations will be able to deploy an instance of their preferred solution while making the best use of their existing infrastructure investments, both public and private. This gives companies the ability to choose the most agile cloud infrastructure available to them while providing flexibility and agility as their business scales. For example, a company might have made a significant investment in their own cloud infrastructure and are looking for a way to deploy a solution internally. Or perhaps their business in a regulated space, such as healthcare, and they’ve audited a specific public cloud provider and want to setup a solution in that environment. With all the emerging technologies in this area, identity vendors should be looking to create flexible solutions that adapt to the customer’s architecture instead of rigid requirements that run counter to what the customer already has in place.
- Application Integration and Management — The proliferation of cloud apps and increased expectations around access from the workforce has resulted in the rise of Shadow IT, compromising security and compliance efforts. Shadow IT happens when employees or a particular department are using hardware or software that hasn’t been formally vetted by IT. In recent years, the move toward bring your own device (BYOD) has created a working environment where staffers expect to be able to use their personal devices for business purposes. The growing prominence of BYOD has increased the presence of Shadow IT. As a result, businesses require solutions that easily integrate with all of the cloud apps used within the organization; frictionless access to internal apps; and robust governance capabilities with visibility and control for administrators. Shadow IT occurs because employees are seeking better ways to get their job done. Companies that want to stay agile and competitive and embrace this behavior need a way to manage this beyond simply choosing to block everything or control nothing. Management and control can happen in a lot of ways, from creating flexible manual policies to implementing dedicated solutions but the main challenge is coming to terms with the fact that app adoption is no longer an IT directed activity. Ignoring that fact only makes things worse for both the company and its employees.
- Credential Management — Most of the current solutions do a decent job of federating identity but fall short on credential management. There is a massive gap in identity and access management exacerbated by the fact that almost all identity providers store encrypted credentials and essentially decrypt them and slam them into web forms to authenticate employees without any regard or notion of credential visibility or credential ownership. Organizations should look for ways to take ownership of employee credentials and manage them through a robust workflow. Credentials have a lifecycle within the organization and, more than ever, companies need identity tools that can help them control that lifecycle. That way organizations can gain visibility into credentials and drive accountability through the automation of repetitive, error-prone tasks. By understanding the lifecycle of credentials — how they are created, who manages them, how they get updated, who has access to them and how ownership can be transferred — companies can push beyond the current status quo by asking their vendors to help them manage the credential lifecycle instead of simply ignoring it.
While commoditization creeps in on the first generation of identity across all aspects of life, we have the opportunity to look optimistically and innovatively at the future of the industry. Identity is being standardized yet is getting increasingly complex over time. We — as businesses and vendors — just need to make sure we are skate to where the puck is going.