Through the Looking Glass: IdM in 2012

I don’t know about you, but this is my favorite time of year. Beyond the hustle and bustle and joy of the holiday season, I enjoy this time of year in business because of what it means: a time to reflect on the previous year, the rush to close out year end deals, and a chance to think about what the next year will bring.

As I think about the coming year, I wanted to share my annual predictions for the IdM market in 2012:

  1. Identity Governance Gets Proactive: When we first brought identity governance to the market several years ago, most customers were focused on addressing immediate compliance or audit issues. Now, as those same organizations are several years into their deployments, I see more IT organizations moving to adopt preventive controls to block violations or inappropriate access at the point of request. Even more encouraging, we are seeing clients using risk scores to drive the prioritization of remediations and frequency of certifications, focusing controls where risk is highest. I predict proactive identity governance will help companies reduce the burden on compliance staff and improve audit performance.
  2. Auditors Wake Up to SaaS: One of the most interesting phenomena I’ve observed over the past year is the extent to which IT auditors continue to exclude SaaS applications from their audit scope. As SaaS applications become more broadly deployed in mission-critical parts of the business like HR and finance, companies are placing themselves at increased risk for fraud, privacy violations or data breaches. I predict that 2012 will be the year that enterprises wake up to the risk of placing sensitive data or transactions in the hands of a cloud service provider without effective controls over who has access to what. A major data breach will certainly get everyone’s attention!
  3. Provisioning Gets Slimmer – and Simpler: I’ve heard several analysts talking lately about provisioning “bloat” and the damage done by overly ambitious provisioning projects that never delivered on the promised benefits. As we enter 2012, I think we’re at the end of the age of bloated provisioning and are embarking on a new era of “slimmed down” provisioning that is easier and faster to deploy. We are seeing many clients implementing self-service access request with manual (non-automated) fulfillment via service desk or manual methods. And many clients are deploying provisioning on SailPoint’s identity governance foundation, which allows them to leverage business-friendly entitlement catalog and well-defined policies to simplify workflow and rapidly implement self-service.
  4. Proving the Business Outcomes of IT Decisions Remains a Top Priority: It’s no surprise to anyone that we are living in a time of constrained budgets, but enterprises continue to invest in technology despite that fact. In most organizations, projects are being scrutinized even harder and require more justification than in the past. Regardless of what happens with the economy in 2012, I believe businesses will continue their careful scrutiny of IT investments. For this reason, IT organizations will need to learn to communicate and sell the business case for any large-scale IT project (including IdM) AND prove that the promised ROI was realized. (My cofounder Jackie recently wrote a great blog on this very topic.)

These are just a couple of my thoughts for next year. I’d like to hear your thoughts. What do you think will happen in the IdM market next year?