Blogger: Lori Rowland
The financial meltdown of 2008-2009 has had a significant impact on the identity management market, but it might not be in the way you expect. Organizations have undergone significant business transformation including mergers and acquisitions, business closures, restructuring, outsourcing, layoffs, furloughs, and terminations. These changes have highlighted the need for effective identity management processes.
One of the most obvious value propositions of identity management given today’s economic conditions is the de-provisioning of users and their access rights. The need for timely de-provisioning of access rights was recently exemplified by a situation at Fannie Mae. Several news outlets have reported on an incident in which a contract employee was allowed to stay on premises for several hours after he was terminated. Worse yet, his network access was not revoked until even later that evening. This gave him just enough time to place a malicious piece of code on Fannie Mae servers. Luckily, an observant engineer discovered the code before it was executed; otherwise the code would have brought down thousands of servers, most certainly impacting Fannie Mae’s bottom line.
De-provisioning is not the only identity management benefit that comes to bear in a bad economy. For example, organizations want to ensure that the employees they have acquired (either through a new hire process or acquisition) are up and running on day one. Others want to physically secure their environment and protect information and other assets; this is particularly true in environments where layoffs have occurred or in which the competition is fierce. Last, but not least, is the ever-present need to meet compliance obligations – chances are the demand for stricter controls is only going to increase due to the economic crisis.
Burton Group is in the process of updating our 2009 Identity Management Market Overview report. As part of the research for this report we are reaching out to our customers in order to find out what impact the bad economy has had on their identity management (IdM) initiatives and project funding. It is too early to give a final verdict, but early indications suggest that identity management initiatives are still going strong. As one organization put it, “businesses are not willing to sacrifice controls, compliance, or security in order to cut costs.” This is not to say that some projects are not being cut; we have seen some of that, but we are also seeing organizations move their identity management projects to the forefront and recommit to their success.
Another indication that the identity management market is thriving is the fact that vendors like Courion, Imprivata, Sentillion, and Sun have recently reported year-over-year growth and, in some cases, record growth for their identity management products. This is just a sampling of vendors; we are certain that there are others who are also experiencing similar growth in their identity management product lines.
Although we are seeing interest in identity management growing, organizations are demanding alternatives to the traditional identity management suite or delivery model. Organizations are looking at identity services for SOA-based environments, outsourcing, hosted solutions, open source, subscription-based licensing, and cloud-based solutions, all in an effort to reduce costs and simplify deployments. Burton Group will be discussing this and other identity management trends in our forthcoming Identity Management Market Overview report and the Emerging Identity Services Market report. We also will be deep diving into these topics at our Catalyst conference in July.
All in all, the bad economy seems to have been good for identity management. It has not only brought the need for efficient identity management processes to the attention of organizations and subsequently boosted sales in identity management products, but has also forced vendors to offer alternatives to the often bloated identity management product delivery model.


Lori suggests that the unfortunate wave of layoffs and increased productivity requirements have driven demand for automated provisioning – to ensure that departed staff cannot access information and systems and that new hires are productive as soon as possible.
These are accurate observations from what Courion has seen in its business. But as the late Paul Harvey used to say…let’s talk about “the rest of the story”.
The reality for CIOs is that they have budgets that are flat at best, and more likely decreased from 2008. The impact on new projects is more severe. As all of us in the software industry know, a flat budget means a reduction in new project spending…a 10% budget reduction actually means a 30-100% reduction in new project spending.
This was confirmed for me when I spoke with 20 CIOs and CISOs in Courion’s customer base earlier this year. The response across all industries and company sizes was that they would have at most a small handful of new projects this year. But they were all faced with the same challenge: “how do I respond to increasing access compliance pressures – whether regulatory- or internally-driven – with a budget less than last year’s?”
This is the driver of the increased demand that Lori identified. Customers are demanding products that can automate administrative processes to reduce staff (and costs) while at the same time ensuring compliance with security policies and regulations.
They have to be compliant, and they have to reduce costs. It’s that simple.
It is not surprising that the two examples that Lori provided were Access Provisioning examples. More than any other part of the Identity & Access Management market, Access Provisioning provides customers with the opportunity to reduce hard costs while improving security. This – along with Provisioning’s ability to speed business processes – is why CIOs view Provisioning as a strategic platform for their operations.
So does this mean that Access Provisioning and Compliance projects are always among the 1 or 2 projects above the line to get budget? While Courion’s sales force might wish they were…the answer is “sometimes”. What makes Access Provisioning & Compliance projects unique among security projects, however, is that they can actually help IT organizations increase budget. I’ll offer a recent Courion customer project as an example.
Courion recently signed an agreement with a customer to provide automated provisioning/de-provisioning and access verification for over 50 applications – even though the customer had no budget. How could we do this? Did Courion all of a sudden lose its moral bearings and start to employ the bait and switch “free” approach of some vendors? No, it didn’t.
Even though the project cost is over $1 million, the project will never negatively impact the customer’s financial statements. Or as my CFO likes to say, the project creates “P” instead of “L” on the Profit & Loss statement. The customer is able to begin reducing administrative staff within a few months of the project start, and is always able to reduce staff faster than the cost of the project that hits the P&L. And they end up ahead of their auditors – delivering the security the business needs but doesn’t want to pay for.
I have been working in the Identity & Access Management market for over 15 years now, from before it was called the IAM market. I’ve been through the recession of the early 90’s. I’ve been through the Tech Meltdown of 2001. Never before have I seen customers need vendors more to help them improve security and reduce costs, than they do today.
And that….is the rest of the story.
Posted by: Chris Zannetos - President & CEO, Courion Corporation | March 19, 2009 at 02:19 PM