Active Directory, other directories and metadirectory “engines” will hopefully become dial tone on the network and won’t be something that has to be managed – at least not to the level it has to be today.
We are still working with provisioning technologies that were built in the 90’s. These technologies haven’t changed much. With services to license ratios still in the 5:1 to 10:1 range we clearly haven’t been successful from a software perspective.
I completely agree with Jackson that most IdM deals are way too expensive, take too long, and involve too many services. I always say, “Customers want to buy a product, not a project.” Where I disagree with both Jackson and Dave is why. I don’t believe it has anything to do with how old the technology is or whether it’s meta-directory, virtual directory, or SOA based.
The problem with most IdM deployments are three-fold from my experience:
1) Most enterprise software is not designed with management (identity or otherwise) in mind. Customers are unwilling to take management capabilities into serious consideration when selecting enterprise software so enterprise vendors have no incentive to make it a priority.
2) The big IdM platforms are too complicated and too hard to install, configure, and maintain. Some of this is due to poor engineering, but a lot of it is due to trying to merge independently developed products together into one solution suite.
3) Many of the big IdM vendors aren’t really serious about IdM as a product unto itself. They see IdM as a beachhead they must control to sell their other products or services. This drives them to over-promise which invariably leads to failed deployments and unhappy customers.
Most enterprise customers don’t want to be in the Identity 2.0 business. They don’t even want to be in the Identity 1.0 business. What they want are solutions to address specific needs at a reasonable cost.
Perhaps the future of enterprise IdM belongs to companies like Microsoft, Optimal IdM, Vintela (Quest), and Approva. Companies that are trying to provide value around specific pain points rather than trying to push a comprehensive suite solution.