How Authentication-as-a-Service becomes a part of leading IAM stacks and why virtualization is no longer a viable technology without identity and access management.
CA’s acquisition of Arcot signals that partnering with an adaptive authentication vendor is no longer enough to offer a comprehensive access management strategy: you’d also have to have an adaptive authentication product to allow your customers to retire costly physical tokens. But this is not the primary reason CA picked up Arcot. It is Arcot’s thriving hosted authentication and fraud management services that were the most lucrative assets to CA. Adaptive authentication is part of any organization’s fraud management strategy — however, CA’s inexperience here leaves a few questions to be answered. Will CA keep and grow Arcot’s fraud prevention service? If so, how will it integrate fraud management with IAM? The requirement for integration is clearly highlighted by Forrester’s conversations with its FinServ and other verticals’ customers.
I recently had an opportunity to spend a day in three separate meetings with infrastructure & operations professionals from three of the top six financial service firms in the country, and discuss topics ranging from long-term business and infrastructure strategy to specific likes and dislikes regarding their Tier-1 vendors and their challengers. The day’s meetings were neither classic consulting nor classic briefings, but rather a free-form discussion, guided only loosely by an agenda and, despite possible Federal regulations to the contrary, completely devoid of PowerPoint presentations. As in the past, these in-depth meetings provided a wealth of food for thought, interesting and sometimes contradictory indicators from the three groups. There was a lot of material to ponder, but I’ll try and summarize some of the high-level takeaways in this post.
Servers and Vendors
These companies between them own in the neighborhood of 180,000 servers, and probably purchase 30,000 - 50,000 servers per year in various cycles of procurements. In short, these are heavyweight users. One thing that struck me in the course of the conversations was their Machiavellian view of their Tier-1 server vendors. Although the vendors are viewed as key partners, the majority of this group of users devoted a substantial amount of time to keeping them at arm’s length through aggressive vendor management techniques like deliberate splitting of procurements between competitors. They understand their suppliers' margins and cost structures well, and are committed to driving hardware supplier margins to “as close to zero as we can,” in the words of one participant.
The new book Empowered highlights the benefits of empowering HEROes (highly empowered and resourceful operatives) within the workforce. As we approach our first-ever CIO Forum in October, I’m looking around for great examples of how governments are using social technologies to empower employees to serve empowered citizens.
When I think of government IT projects, I often think of multimillion-dollar projects lasting years before going live. But it doesn’t always have to be that way, as the following example illustrates.
Peter Koht is a HERO working for the City of Santa Cruz Redevelopment Office. In 2009, the city was facing its worst budget crisis (a problem familiar to many city officials). Running out of options, the city had already shut down civic services such as the community pool, museums, and a family resource center when it faced up to the reality that the people of the city needed to be involved in the decisions about what services to cut. Unfortunately, the voices too often heard at civic meetings were representatives of the extreme viewpoints at either end of the political spectrum. In an effort to collect more ideas from the silent majority, Peter suggested the city could tap into social media to connect with its citizens. Lacking any kind of budget or resources, Peter had to rely on the help of three volunteers to get a community site up and running in a week.
Peter Hambling, CIO of Lloyd’s of London, the venerable insurer, has made Facebook a priority for customer communications that required board approval. But more on that later. First, some background . . .
It's the nature of things. Some people look for ways to do things better — and that includes your employees. Some of your employees are questing for a better way to get things done. If there's a better way out there, they'll find it. That's a good thing because the thing they're trying to do better is their job. Serve your customers. Solve your business problems. Improve your operations.
It's always been true: Incremental innovation and process improvements have always come from those closest to the problem. It's the basis of kaizen, a system where employees continually improve manufacturing processes. It's also a founding principle of Six Sigma — tap employees' relentless, incremental quality improvements.
Product strategists should check out this article in today’s New York Times about online borrowing. Think of it as a Web-empowered peer-to-peer product rental program. The article describes how Web sites like SnapGoods allow private owners of products to rent them out for temporary periods of time to consumers who want to use – but do not (or cannot) own – those same products. It’s a product rental marketplace, smaller than but resembling a product sales marketplace (like eBay).
This peer-to-peer product rental approach to sharing complements another sharing technique that has been around for a while: timesharing. Vacationers who own 1/8 of a condominium in the Bahamas get to use it part of the time, as do their fellow timeshare partners. More recently, the Web enabled Zipcar to grow to over 275,000 users by 2009. Zipcar users make reservations to use vehicles in their neighborhoods on an hourly basis.
There has been turmoil and angst in the open source community of late over Oracle’s decision to cancel OpenSolaris. Since this community can be expected to react violently anytime something is taken out of open source, the real question is whether this action has any impact on real-world IT and operations professionals. The short answer is no.
Enterprise Solaris users, be they small, medium or large, are using it to run critical applications; and as far as we can tell, the uptake of OpenSolaris as opposed to Solaris supplied and sold by Sun was very low in commercial accounts, other than possibly a surge in test and dev environments. The decision to take Solaris into the open source arena was, in my opinion, fundamentally flawed, and Oracle’s subsequent decision to change this is eminently rational – Oracle’s customers almost certainly are not going to run their companies on an OS that is built and maintained by any open source community (even the vast majority of corporate Linux use is via a distribution supported by a major vendor and under a paid subscription model), and Oracle cannot continue to develop Solaris unless they have absolute control over it, just as is the case with every other enterprise OS. In the same vein, unless Oracle can also have an expectation of being compensated for their investments in future Solaris development, there is little motivation for them to continue to invest heavily in Solaris.
Recently, I published a report about a small software-as-a-service (SaaS) vendor, Dimdim, which is having success in the crowded Web conferencing market. Like many small vendors, Dimdim provides a free service tier, generously allowing up to 20 participants into the free meeting, to help drum up business. The report, though, did not simply highlight the number of users that Dimdim has captured in four short years of existence -- over 5 million -- but also its success in attracting partners like Intuit, Novell and Nortel CVAS. Why? For new vendors entering crowded markets, attracting partners is vital for two reasons:
Partners open doors to new markets. In crowded markets, incumbent vendors and new entrants jostle to serve customer needs. For the new entrants, the number of customers that can be wrangled through media hype and analyst buzz is minimal. Mass appeal comes from firms with strong working relationships with a range of buyers in a number of markets -- e.g., oil & gas, healthcare, government -- embracing a small vendor's offering and introducing it to their clients.
Yesterday, I participated in one of the regular content planning sessions for us analysts on Forrester’s IT Infrastructure & Operations Research team. Similar to investment managers and their portfolio of stocks or bonds, we spent time making buy/hold/sell decisions on what we will research more, continue to research, or stop researching. Among the many criteria we use to make these decisions, like client readership, inquiries, or consulting, the strategic relevancy to IT is an important factor to consider. And there was some heated debate around research themes we may phase out down the road…
Enter the discussion on IT asset disposition – or the process of reselling, donating, or recycling end-of-life IT equipment. While every organization eventually has to dispose of its end-of-life IT equipment, it’s long been an afterthought. And the data backs this up. Forrester finds that 80% of organizations globally use their OEM, third parties or a combination of the two for IT asset disposition. But when asked how important IT asset disposition is relative to other IT asset management processes, it’s far and away the least important. As an indicator of this, I recently surveyed over 300 European IT professionals where 77% of respondents ranked IT asset disposition “less important” or “least important.”
This begs the question, is disposing of end-of-life IT equipment really strategic?
Historically, the positioning of Dell versus its two major competitors for high-value enterprise business, particularly where it involved complex services and the ability to deliver deeply integrated infrastructure and management stacks, has been as a sort of also-ran. Competitors looked at Dell as a price spoiler and a channel for standard storage and networking offerings from its partners, not as a potential threat to the high ground of being able to deliver complex integrated infrastructure solutions.
This comforting image of Dell as being a glorified box pusher appears to be coming to an end. When my colleague Andrew Reichman recently wrote about Dell’s attempted acquisition of 3Par, it made me take another look at Dell’s recent pattern of investments and the series of announcements they have made around delivering integrated infrastructure with a message and solution offering that looks like it is aimed squarely at HP and IBM's Virtual Fabric.
The Washington Post is reporting a new wrinkle in cyberwarfare. In the article Defense official discloses cyberattack, the Post reports that “malicious code placed on the [flash] drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military's Central Command.” Perhaps SkyNet has become self-aware, as this malware appears to be able to “upload” itself onto a military network. We ARE nearing August 29th…
According to Deputy Defense Secretary William J. Lynn III, "It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary." This must be one awesome piece of code – sentient, silent, and “poised.”