Jon Freeman: The next thing I would like to understand is the relationship of organizations, the users within the organizations to usage flow, and where people go. I see that people are moving, and what I would like is to perceive walls and break them down. Is a user my employee, or is a user someone who is now working for an affiliate or for a different organization? This is important because what I [want] in identity access management is that people, because they change roles, their access to systems at some point, do not become restricted based on their role changes. I need to be able to effect a set of changes that would allow both my users and those policies to move.
If I have to sum it up, I would be happy, within a department, division, or line of business, to get the ability to translate and move policies from security domain to security domain so that as a user moves, some of those policy definitions move with him.
Third, I’m curious about understanding how I can better use identity within my organization so that I can glean more information from what we see still locked in the e-commerce environments. I know that I can do things like personalization when I go to Amazon, but why can’t I use those same concepts within my organization to make both my user experience and the products I’m developing more identity-centric so that I have a better understanding of that.
The other part would be the integration, better levels of integration between what identity means. This is not only at the application level but down to the network level. I don’t want to have two conversations, one with my network team, discussing perimeter security but not a lot of understanding of identity, and then my identity not having a lot of understanding of my network. I would like to see better convergence of the ability to understand not only identity as it relates to applications but identity as it relates to devices. This becomes very important considering the amount of investment I’m making as a Fortune 500 guy in mobile computing. I need to be able to understand the impact of new types of devices and then be able to change the behavior of the device or the behavior of the application based on not only the device but the user who’s using that device. This notion of identity-centric computing needs to extend out.
My last thing would be the ability to use identity in not such a binary mode. What I mean by that is a better level of identity or a richness in the identity vocabulary so that I can do more human-based activities. There’s no notion of reputation or persona within the corporate enterprise environment. There are many organizations attempting to bring Yelp-style technologies within the organization so that you can do things like weigh service providers or software as a service systems. But I’d like to have a richer vocabulary other than “this user is authenticated” or “this user is authorized.” It’s very binary stuff.
Those would probably be my top five [wishes].
Sramana Mitra: As I was listening to you, I was thinking about if I were managing a system, what would be hugely useful? You talked about devices, and yes, devices are becoming a massive issue in enterprises. What if I could get enough data to see patterns on how people are using devices and also get policy recommendations that I should be introducing into my identity management system to help users use those devices in an optimal way?
JF: I think that’s perfect, yes.
SM: That’s just an example of taking one layer above analytics. Analytics help us find patterns and organize the data from an unstructured model to some sort of a structure which allows us to look at what’s happening. But we need to go one level beyond to make it further actionable on where new patterns are emerging. What do we do with those patterns?
JF: I think that’s spot on; that’s exactly right. We see so many organizations now deploying these new devices such as iPads, Androids, and other mobile devices without understanding how to best use them. That’s one of the largest growth areas. There’s a lot about policy management of the devices as far as should I wipe this device or not? But when you get to the real stuff, the stuff that you’re talking about, it’s all green fields right now.