This week I’m over in London meeting with customers and partners at the Gartner IAM Summit. Gartner analyst Earl Perkins kicked off a packed conference this morning with his keynote address, “Enabling Governance and Risk Management in an Age of Business Challenges.”
A couple of points made by Earl rang in my head like Big Ben. He opened by saying that managing access and entitlements to mitigate risk is at the heart of IAM today, and went on to point out that the need to truly understand risk is driving the convergence of IAM and GRC – and I believe he’s right.
I always sit in the back of the room at these events, mainly to get better access to electricity and coffee – the power for machine and body. From here I have a great view of the attendees’ reactions. When Earl said that his view of the best “success practice” (rather than “best practice”) for IAM has to be a wholesale view of the business implications of identity, and establishing “principles of privilege” that drive transparency, I saw a sea of nodding heads.
At one point in his presentation, Earl focused on IAM technologies. He discussed the balance between process and behaviors for reducing risk, and showed a great slide illustrating that provisioning, identity audit and role management are behaviors. I particularly appreciated that he was careful to clarify that while provisioning vendors may provide role management and identity analytics, both are very separate products and processes from provisioning.
One final takeaway from Earl’s presentation concerns the use of the term “policy” when discussing IAM and GRC technologies. Earl advocated for the use of “technical access policies” instead of the generic “policy.” Particularly as vendors in this space interact with more business users, I agree with Earl that his term is more accurate, and have started to adopt it myself.
With Earl’s great keynote, the IAM Summit is off to a great start.