Putting the Practical Back in IAM
Let's face it: explaining Identity & Access Management to a layperson isn't easy. How often do those of us who work in the space respond to the simple question "so what do you do?" at a cocktail party or a family event, only to see that familiar glazed-over expression less than 30 seconds into our reply? IAM is a space that's prone to acronyms and cryptic concepts: SSO, virtual directory, WAM, federation, SAML, LDAP, etc. Of course, the issue here is not so much that these concepts are over your grandmother's head. The problem comes when your grandmother is a high-level executive trying to figure out how IAM is going to provide significant ROI for her company. As product and service providers in this space, we're the ones responsible for making the practical case for Identity & Access Management. My belief is we could all be doing a better job of this. The inspiration for this post was a recent interview conducted with Dieter Schuller, VP of Business Development for our partner Radiant Logic. The interview covers its own fair share of acronyms and concepts, most of which are at the core of what this blog's readership does for a living. But eventually it shifts into a practical (and very powerful) example of what identity correlation can do for a business, courtesy of Dieter:
For example, we just worked with a major electronics company, where they started with access management, single sign-on, delegated administration, but they wanted to make their portal a much better experience so when the user logged in, rather than just serving up products, the idea is you know enough about me because you have an order entry system that tracks what I bought online, you have a product registration system that tracks what I bought offline, you have a product database so you know that I bought a camera and now you should try to sell me a camera case.
They actually took it a step further and actually integrated it to their partner systems as well. They have a relationship with Facebook, for example, and, for that particular identity, started to look at what their movie and music preferences are and serving up content based on that.
Take a step back and think of what this interview would have meant to a non-IAM professional had it not included this real-life scenario. I think it would have led to multiple Google searches to define MDM, CDI, virtual directory, etc, if the reader had the time. Instead the reader comes away thinking about what this technology meant to an electronics company and how this might help his/her own business. In the real world this can mean the difference between a company becoming a prospect, and a prospect becoming a client or a customer.
"For example" can be powerful words in the context of security technology. We need more for examples in this space, not less. Have you seen examples of IAM companies providing practical real-world descriptions of how their products and services are being leveraged? If so, please share in the comments!