What does an Elephant have to do with identity and Access Management?

An ancient story talks about four blindfolded people who were asked to describe what an elephant looks like by touching the elephant.  The first person touches the elephant’s body and says that an elephant is like a wall.  The second person touches the elephant’s tusk and says that an elephant is like a spear.  A third person grabs the elephant’s nose and says that the elephant is like a snake.  The fourth person grabs the elephant’s leg and says that the elephant is like a tree.

How does this relate to Identity and Access Management (IAM)? Since the introduction of IAM 15-20 years ago, different vendors and customers have “touched” IAM from different angles and define it differently.  Application administrators (customer and vendors) view it as a foundational component, CSOs view at it as a sub-area of security, business owners are more focused on meeting compliance requirements through entitlement and role management, and finally IT operations look at the operational efficiency that can be obtained through automation and self request of access rights.

BMC was one of the first vendors to introduce “User Provisioning” with its Control-SA product line, which has since evolved into a powerful IAM solution.  As a result of that product line, we have adjusted our definition of IAM through the years.  Finally, with the coming of age of the IT Service Management market and the introduction of Business Service Management (BSM), the focus of IT management has shifted from IT administration to the efficient alignment of IT with the business.

Customers adopting BSM as an IT strategy are doing so to reach operational efficiency for IT, ensure IT objectives are aligned with business goals and compliance requirements, and improve end-users experience and satisfaction. Can IAM help an IT organization achieve operational IT efficiency?  Of course!  Improve customer satisfaction?   Yes!  Help comply with regulations?  You bet!   Like the four men and the elephant, by taking off our blindfolds, BMC has placed IAM correctly as an integral part of a larger BSM strategy, and not some set of standalone solutions to disconnected point problems.

As CTO of BMC, customers often ask me how they can integrate their BSM and IAM initiatives.  In this way, they are effectively validating our approach and helping us refine it. Moreover, with the publication of ITIL v3 last year, it was finally acknowledged that “Access Management” (aka IAM) is part-and-parcel of Service Operation, alongside Incident, Problem, Request and Event Management.

For the last several years BMC has been actively engaged in integrating IAM into its service support framework (a core component of our overall BSM offering).  If BMC’s recent financial results are any indication, this more integrated approach has been enthusiastically embraced by our customer base.  We see the IT market shifting to BSM, and much greater acceptance to our vision of IAM being part of BSM than as a standalone offering.  There really is one elephant with multiple parts.