When he takes the stage at the Cloud Identity Summit, Mark Diodati is going to tear down enterprise IAM. And he's not going to apologize for doing it.
All you have to do is look at the title of his presentation to see where he is going: "The Failure of Enterprise Identity and Access Management: Strategies for Thriving in the World of Hybrid Cloud Computing, Device Independence, and Social Networking."
Rest assured, however, Diodati is as much about reconstruction as he is about deconstruction.
He says three developments are conspiring to twist the brain stems of enterprise identity architects: cloud computing, bring your own device (BYOD), and the authentication and authorization of external identities. "When you put these three things together it changes the way we need to address identity management," says Diodati, a research vice president focusing on identity issues for Gartner. "When you add it all up it says 'what we have now is not working.'"
No doubt Diodati will rant about his identity bridge concept, which he asserts overcomes the limitations of traditional IAM to connect enterprise and cloud worlds.
The de facto enterprise workhorse of IAM, Active Directory, both on-premises and the hosted Azure version, will spark many questions in Diodati's scenario. "The addition of tablets and smartphones into the enterprise device mix exceeds Active Directory's management capabilities and there is an impedance mismatch using Kerberos across the cloud," says Diodati.
He says enterprises will likely deploy mobile device management (MDM) products to satisfy new IAM requirements. But MDM doesn't yet have all of the capabilities it needs. Gaps include improved trust mechanisms for mobile devices and the ability to separate personal and business data on the mobile device.
"Right now we have a crude machete style of management for mobile devices from an authorization perspective," says Diodati.
In addition, users carrying those tablets and smartphones might not all fall under the purview of corporate HR, a development that comes as contractors and partners are getting unprecedented access to corporate applications, many of which are hosted in the cloud.
"All the classic identity management aspects for managing those users do not apply," Diodati says. Among other issues, he says, IT has difficulty authenticating new crops of external end-users and regulating what they have access to.
In July, Diodati plans to chop up the entire picture, examine the parts and explain what new pieces are needed to hold it all together.