Predictions for 2007

Christine asked me to make some predictions for 2007 (presumably so Dave Kearns will publicize them ). I'm not big on predictions unless they are related to figuring out how NetPro can produce better products or get into a profitable market space, but maybe I have something useful to contribute to the discussion. Or maybe I'm just, as my CEO puts it, "pontificating".

There are five things that drive IT organizations, as I see it. They are, in rough order of importance:

  1. Reducing operational costs
  2. Increasing security (which reduces operational costs due to security failures)
  3. Improving IT service levels (which reduces operational costs for the rest of the organization)
  4. Providing new capabilities that make the organization more competitive (which increases the revenue generating capabilities of the organization)
  5. Deploying new technology just because its cool

For most organizations, IT is a cost center. You need IT to run the business, but most CEOs don't look to IT as providing strategic advantage. If an organization does find a way to turn IT into a strategic competitive advantage, pretty soon everyone is doing it, and it becomes just another cost of doing business. So driving out costs is generally number one on the list.

Security spending has been number one on the list recently, but that has been largely driven by regulatory compliance. Making sure the CIO doesn't appear on TV in an orange jump suit trumps everything else in the IT budget . But its not hard to see the costs of security failures, so preventing them is a priority.

Improving IT service levels is usually a ways down on the list of IT spending. Most applications are running fast enough and reliably enough to not be an obvious problem, so its rare that organizations will spend a lot on increasing service levels. And if there are service level problems, the usual solutions is to throw some hardware at the problem, which often as not works ok. Hardware is cheap, relateively speaking.

Its unusual for companies to see a way to leverage IT to provide strategic advantage, but it does happen. And when it does, its worth spending a lot of money on it.

And finally, once it a while, the hype factor kicks in for some new hardware or software product and organizations will spend money on it without any real tangible benefit. IP telephony was one such product, although these days the costs have come down to the point where the flexibility makes the investment worthwhile.

So given that these are the five drivers in IT, what does that say about the identity and access industry this year? Well there are a couple of things, almost all in the "driving out operational costs" area.

PREDICTION #1: Spending on regulatory compliance is going to flatten out. Most companies have managed to get their compliance issues under control, and are actively trying to drive the costs out of the process. They don't want to spend any more on them than they already are. Caveat: If the new Congress decides to tighten the screws some more on coporations, regulatory costs will go up.

PREDICTION #2: Spending will increase noticably on automating IT processes, including identity-related processes like user and access provisioning. One of the easiest ways to reduce IT operations costs is to push the costs back to the user departments. For instance, instead of IT figuring out whether someone should be granted access to a resource, it is more efficient for the resource owner to make that determination. IT doesn't have to be in the loop except to report the change. Self-service access provisioning will start becoming popular, along with other self-service processes.

PREDICTION #3: There will be a lot of new identity infrastructure consolidation projects, either integrating identity stores in the classic metadirectory sense, or even more likely, getting rid of redundant identity stores and settling on a few. Many organizations are going to start using Active Directory to authenticate their non-Windows systems, either by doing it themselves or with a third-party product like Centrify. Getting rid of the management costs of an entire identity store is low hanging fruit. There will also be a few hardy souls who will try to use Samba 4.0 to authenticate their Windows machines. They will claim victory, but it will be victory in the "Mission Accomplished" sense.

PREDICTION #4: Federation will start to get some real traction with some significant real-world deployments, partiularly in limited scope manufacturer-supplier type arrangements. There's a lot of money to be saved by NOT trying to manage your vendors' identities, and the technology is there to make it work. Giving your supply chain constrained access to your internal resources has always been a good idea, but it has always been expensive to manage it. Federation can drive out those costs to the point where it can become a strategic advantage for some companies.

PREDICTION #5: Microsoft will announce an identity management roadmap that actually makes sense enough for large organizations to start buying into it. There will still be some vaporware, but the story will be complete enough, and progress tangible enough, that CIOs will be willing to invest.

That's my story, and I'm schticking to it.