Making IAM Relevant to the Business – Taking a Page from the Past Last week members of the Kantara Initiative, and other interested parties who were in town for the Smart Card Alliance event, got together to chat about various ongoing efforts in the Identity Management space.
The day-long discussion was broken into various sessions and as I sat there I quietly checked off every single point I intended to talk about during the closing session that I was participating in. Depending on your perspective, this could be seen as good or bad: Bad in that my thunder was stolen, but good in a lot of ways.
One item that everyone agreed on, but we had no immediate answer to, is the age old problem: how do we gain more relevance to our business leaders? Certainly it is not by talking about IDPs and RPs and trust frameworks. I was a chemistry major in school, and only took a few business classes, but I’m betting you won’t find these acronyms in business text books. We in the industry, need to coalesce around some terms that don’t invoke fear (or other emotional responses) in our users, and we need to define value propositions for various business models in terms of business outcomes (revenue growth, new customers, customer retention, etc).
The notion of IRM would have flexible access management systems that can adapt based on the risk associated with the requested outcome. To me this begins to behave more like people do in the physical world, and I have always believed that these shifts mark opportunities to accelerate change.
Maybe IAM practitioners will be as exciting to business leaders this decade, as web developers were in the early 90’s.
Maybe, that is, If we can take a clue from the successful boutiques of that era, who in those days got the lion share of business leaders attention, not by talking about HTML, web servers, and secure sockets, but by telling exciting stories about internet presence, virtual storefronts, and reaching new user populations.
Hmm, maybe that last one could be recycled?
NOTE: IDP = identity provider and RP = relying party, just in case …