Gartner Identifies Six Trends That Will Drive the Evolution of Identity and Access Management and Privacy Management in 2012
Analysts Explore Market Drivers at the Gartner Identity & Access Management Summit 2012, 12‑13 March, London
"In 2012, businesses need to increase their focus on identity and privacy projects that can achieve quick time-to-value and deliver real value not just to IT, but also to the business," said Bob Blakley, vice president and distinguished analyst at Gartner. "As organisational boundaries erode under the pressure of federation and outsourcing, and as organisations' control over IT continues to weaken through increased adoption of mobile devices and cloud services, identity management is more important than ever - and more problematic."
Six major trends will drive the evolution of the IAM and privacy management sectors in 2012:
Tactical identity: The scope of, and budgets for, identity management projects will remain constrained. A major cause of failure for these projects has been an overly broad scope combined with a lack of focus on business value. There is no longer the budget or the appetite for projects that run the risk of such failure. This year's IAM projects will generally be limited in scope and schedule to help ensure success.
Identity assurance: Demands for stronger authentication and more mature identity provider infrastructures and practices will intensify. Serious deficiencies in both these areas, and in credential issuers, came to light in 2011. Organisations need to know who they are trusting, why, and for what. They also need to know what the consequences will be if the organisations they trust to provide identity information do not fulfil their obligations, and they need to know the strength of the mechanisms used to convey identity information.
Authorisation: Authorisation requirements will grow more complex and more urgent in response to continuing regulatory pressure and riskier and more complex IT and business environments. Identities are not very useful by themselves - their usefulness lies in authorising access and in the creation of logs that can be used to hold people accountable for their actions. Identity life cycle management, authentication and auditing are fairly mature in many organisations. Authorisation (i.e., the creation and enforcement of access control policies) is much less mature, but will assume a place as a first-class business function.
The identity bridge: Identity management must start to span the chasm between organisations - a new architectural component is needed to manage the flow of identity information between cooperating organisations. Managing federated identities is a complex task, and the protocols for federated provisioning and federated management of identity policies and attributes are immature. The central authoritative source of identity information can only reside at the edge of the organisation to look inward and outward simultaneously, and the processes that manage federated identity span the perimeter. The hole in modern identity architecture is starting to be filled and will become an identity bridge.
The sea of tokens: Identity information frequently has to be transformed by each domain that receives it, and then passed on to downstream domains. Identity information is transmitted via tokens (which may be carried in protocol headers, but are increasingly carried in protocol payloads). The new tokens-and-transformers architecture is more modular, more flexible and more loosely coupled.
Policy battles: Increasingly, concerns over privacy and identity theft are alarming the public, and they are also having a serious impact on business operations and even business viability. The business community, the privacy lobby, and law enforcement and national security communities will continue to wrangle over identification and privacy laws and regulations - and this will continue to drive changes in the identity infrastructure.
"On the one hand, identity is the main point of control that organisations still have over information in a world where users own the clients and outsourcers own the servers. On the other hand, establishing identity in such a diverse and heterogeneous environment is becoming more difficult, and the identity information itself is increasingly problematic as a source of privacy breaches," said Mr Blakely. "New technologies, new services and new architectures are emerging in response to these pressures, but plenty of work still has to be done before the industry can produce a comprehensive and dependable identity architecture for the modern world."
Additional information is available in the Gartner document titled "2012 Planning Guide: Identity and Privacy." The report is available on Gartner's website at http://www.gartner.com/....
Mr Blakley will speak on IAM trends at the Gartner Identity & Access Management Summit 2012. For further information on the Summit which takes place on 12-13 March in London, please visit www.gartner.com/eu/iam. Additional information from the event will be shared on Twitter at http://twitter.com/... and using #GartnerIAM. Members of the media can register by contacting Laurence Goasduff at email@example.com.
About Gartner Identity & Access Management Summit 2012
The Gartner Identity & Access Management Summit 2012 will explore the future of IAM technologies and the changing market landscape. It will help organisations promote desirable business outcomes, improve identity-relevant service levels, and satisfy growing regulatory and compliance imperatives.
About Gartner UK Ltd
Gartner, Inc. (NYSE: IT) is the world's leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner to 60,000 clients in 11,500 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 4,500 associates, including 1,250 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.