Do you know who is on your network, and if they're compliant? Companies face many identity challenges today - whether it's dealing with compliance issues, implementing an enterprise-wide identity management solution or focusing on signon challenges for specific group of users.
With security threats on the rise, they increasingly need help managing the full lifecycle of user identities across all enterprise resources within and beyond the firewall.
The local identity and access management (IAM) market was estimated to be worth over $77 million in 2005 and is rapidly expanding. According to IDC solutions and system management software senior analyst, Patrik Bihammar, it is expected to record a strong growth rate (CAGR) of almost 17 per cent to reach almost $170 million by 2010. "The need to protect against online ID theft and fraud as well as help manage identities both within an organisation and between external stakeholders is essential," he said.
Resellers can play a big role in ensuring companies are following approved processes for user provisioning across the enterprise and with partners. Some solutions under the IAM hat include single sign-on and Web access control, identity administration, user provisioning and compliance, federated identity, directory services, strong authentication, Web services security, and security toolkits.
"IAM is a comprehensive set of solutions used to identify users in a system [employees, customers, contractors, and so on] and control their access to resources within that system by associating user rights and restrictions with the established identity," Bihammar said.
The IAM market shape is shifting, and changing vendor dynamics are in full swing. Bihammar said consolidation was occurring as large IT management vendors attempted to build out full IAM offerings. Major players include IBM, CA, Oracle, Sun and Novell. Microsoft, RSA Security (acquired by EMC), HP and BMC have also been strengthening their IAM attack. Vendor consolidation was leading to fierce competition, Bihammar said.
"Expect to see fighting around tenders, better solutions, and slightly moderated prices this year," he said.
Bihammar said key customer benefits for IAM investments were improved security and productivity, reduced cost and management complexity.
"Another strong driver that's only expected to become stronger is the requirement to comply with government and industry regulations," he said.
At this point, resellers should look for opportunities at the top end of town.
"Identity management is largely implemented by large organizations with complex IT environments including financial services, government, telco, manufacturing, utilities and retail," Bihammar said.
Today, IAM is mostly provided either by the security services arms of the vendors themselves, large system integrators (such as Accenture), or smaller specialised service providers (for example, Agreon and Directory Services).
Sun Microsystems solutions architect, Darren Fowler, argued there was plenty of room for traditional IT resellers to get on-board. He suggested they focus on enterprise and key verticals such as financial services, government and utility providers.
"The medium and large enterprise customers are challenged by auditors these days, who are putting pressure on companies to tighten up their IAM," Fowler said.
Sun's approach to IAM is on helping companies eliminate project complexity. Fowler said resellers could assist an organisation sift through myriad solutions, and guide them to making an initial investment based on their specific pain points. These could then be scaled up as their demands increased.
Today, many organisations are tasked with cleaning up their systems in a bid to bring about identity coherence. This is crucial in delivering unified services to large numbers of users affordably and with security and single customer view facilities.
As an organisation's IT environment becomes more complex, businesses need to streamline essential security administration tasks in order to protect the fort. Poorly managed user access rights are one of the top priorities.
"There are a number of key areas," Fowler said. "There's identity management [password management, user management and provi sioning users], then the access control layer [authenticating and proving who you are, and authorising and enforcing the policies, as well as auditing].
"The technology sale depends on where the company is hurting the most, and it tends to be a combination. There's a big part for resellers to play, acting as the company's trusted adviser." Fowler said partners should start off small at a user site, and offer assistance in building up the software portfolio. It was also important organisations had auditing, reporting and management visibility across IAM products.
"Managers also need to attest to the fact their team has access to the right systems," he said.