All the latest UK technology news, reviews and analysis
|
|
|
12 Mar 2009
Identity and access management (IAM) will undergo a series of key changes over the next few years, particularly around the development of smartcard authentication, identity-aware networks, hosted IAM and out-of-band authentication.
The predictions were made by analyst firm Gartner ahead of its Identity & Access Management Summit 2009 in London on 23 to 24 March.
"There is a continuing need in this time of economic uncertainty and budgetary constraint for cost-effective, risk-appropriate IAM methods," said Ant Allan, research vice president at Gartner.
"This includes growing demand for identity-aware networking, host-based and service-based IAM offerings, and the search for protection from increasingly effective malware attacks against consumer accounts."
Although relatively unheard of today, the research predicts that hosted IAM and IAM-as-a-service will account for 20 per cent of IAM revenues by 2011, as the platform moves from software-centric delivery models to composite services models.
Driving this evolution is the potential to reduce the costs of implementation and use, and prepare for a more mature production-centric approach to delivering IAM as a service, thereby allowing customers to focus technical planning and delivery on less mature feature sets, such as access and intelligence.
However, Gartner warns that organisations looking at IAM-as-a-service should take a gentle approach, extending existing systems rather than significantly upgrading in a single sweep.
While hosted or managed IAM is set to rise, a fifth of smartcard authentication projects are expected to be abandoned, and 30 per cent scaled back in favour of lower-cost and lower-assurance authentication methods.
Although smartcards are generally regarded as a very secure and effective method of authentication, managing the cards and the associated desktop infrastructure is relatively expensive. In the current economic environment, this cost may be seen as prohibitive, prompting companies to consider cheaper alternatives based on risk, end-user needs and total cost of ownership.
Latest stories from Networks
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
The Company: My client based in Sheffield are one...
Binary Phase Shift Keying (BPSK) Modulation Consultant...
Java Games Developer, Online Gaming, London Key words...
Quant Dev, Quantitative Developer, RAD, Hedge Fund, Asset...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
IAM is more than just a technology play
Identity and Access Management (IAM) is more critical than ever to organisations of all sizes. Even some of the largest companies in the FTSE 100 still use manual processes for tracking who has access to what. Such systems are often paper-based, or involve multiple standalone IT systems. Either way, it can be a time-consuming process to enable access, and an even harder one to take it away again. A poorly implemented manual process will buckle if you have to do it for 1,000 people in quick succession. The current spate of job losses, mergers, acquisitions and data breaches have prompted several companies to take action to automate and modernise their access management processes and IT. So significant is the issue, research group RNCOS released last month is forecasting that the IAM market will grow at a compound annual growth rate (CAGR) of nearly 23 percent between 2009 and 2012. Europe and Asia-Pac will account for nearly 62 percent of the market by 2012 according to the research, largely because of spending on IAM in the major financial services centres. As Gartner rightly points out, the knock-on effect is that many rush in and choose a solution based on reputation rather than proven capability. No IT solution should be chosen on that basis alone, especially a security solution. A sound upgrade of any IAM system and process is achieved through the considered and planned deployment of technology and services, with clear objectives for efficiency improvements and longer-term cost saving in mind. For this reason, investment in any IAM solution - especially if it is to replace an existing solution or group of disparate systems - must not be a snap decision. Of course, IAM is more than just a technology play, even the best technology deployment needs to be supported by clearly-defined policies and staff education to ensure that best practices are adhered to at all times.
Posted by: Stuart Hodkinson, UK general manager for Courion 12 Mar 2009
IAM Predictions
You can't run a business without electricity but you don't have to generate it yourself. Businesses don't need to own and manage IAM to succeed any more than they need to own their utilities. In times of recession organisations must revert to focusing on their core competencies and what makes them money. IAM, while vitally important, is not a core competency and hosting offers a massive opportunity to reduce expenditure. However, while you can outsource some of the technology and process to do with managing identities, you cannot outsource full responsibility. Approval and attestation of access rights - about who should have which rights to perform which tasks - must remain in house. It would be extremely dangerous to hand over full responsibility for control of access management to external parties. Mike Small, Principal Consultant Security Management, CA.
Posted by: Mike Small 12 Mar 2009