Introductory entry

Hi there, as the first entry in this Identity Management focused blog, I’d like to introduce myself and share a little on what content and thoughts you can expect me to be delivering over the coming months. Who am I, and what am I doing writing a blog?

My name is Phil Allen and I am a Senior Consultant with the EMEA Identity Management team at BMC Software. I started my work in IT in support where I learned that customers are the most important people we deal with on a daily basis (a point which I feel is often overlooked) and I then moved into direct customer facing roles working with customers to identify their needs and help them meet their business needs. Having worked for the last 8 years helping customers adopt what has more recently become know as the  Identity Management, I hope to share my experiences of the issues and the solutions of this ever changing arena.

 Why a blog? At first I thought this was an easy answer, express my views, share my thoughts, voice my concerns, but then I thought further and deeper. Being a person who has always expressed my views, I am a firm believer that if you think something should be said then say it. So the overall reason for starting this is to provide a forum through which open discussions and thoughts can start.

 Terminology. As a starting point, in the Identity Management market, one of the real bug bears customers have to deal with on a daily basis is around terminology. As IdM has developed so has conflicting, confusing terminology, which has served only to alienate providers of solutions from their customers and to frighten people into thinking that they need to be a nuclear physicist in order to secure / enable their business. Would an organisation like Single Sign On, Simplified Sign On, Reduced Sign On, Password Synchronisation, Automated Log on etc. We are all responsible in providing clarity over the solutions which are provided, and to using real life terminology. Although this is a market which has been around for 10 years or so in one guise or another the market is still developing and changing on a regular basis with new acquisitions and restructures all of which bring their own terminology. I feel we are at the stage in the market where we need some clarity around terminology, and so the consumers of the technology can understand which components they need to suit their business requirements. When does Access Control relate to the enforcement of access, and when does it relate to the correct role management of an identity thus leading to the user’s account being created with the correct access rights?

I see there being a simplification of the vocabulary which we use being forced upon solution providers both by the customers who we work with and also from our colleagues who are entering into the market place. Identity Management can really be seen as: central management and enforcement of access control for business critical applications both for internal and external users; automation, to ensure these controls are in place at the separate applications in place; and audit of the entire solution. This has the overall effect to reducing costs in the business, improving the experience of the IT infrastructure for both end users and administrators, and reducing risk in the business by preventing users gaining access to systems they either no longer need access to, or should never have had access to in the first place. 

I trust this first entry provided some food for thought, and a little insight into future content. I am aware that this will be read by those who have been in the industry for a while as well as those new to Identity Management, and I will try to cover both of these poles. I look forward to receiving your comments/thoughts.