Oracle’s 11g Falls Short for Today’s Identity Governance Needs

For some time, I’ve been watching Oracle’s marketing machine tout the impending arrival of Oracle Identity Manager 11g- a reportedly “revolutionary” suite of IdM products. I saw the OIM 11g announcement this morning and spent more than a few minutes digesting its contents. I have to admit that I was curious whether Oracle would move the IdM market significantly forward. But if you were looking for answers to some of today’s most pressing identity management issues or innovative new features, I think you’ll find that the focus of 11g lies elsewhere.

At its core, the release is focused on “Oracle-izing” OIM and making it work more seamlessly with Oracle’s other software products. If you’re a born and bred Oracle customer and you’re comfortable being a few years behind in technology, then this might sit just fine with you. But if you were looking to address the modern era of governance and provisioning challenges, this release doesn’t do much to help you.

Secondly, from what I can tell, the major advancement Oracle is making in integrating its identity management offerings with each other seems to be largely at the surface level. They are promoting features such as “common install,” “common configuration management” and “common reporting.” Nowhere does it mention that they have resolved the multiple role models that exist between OIM and Identity Analytics, nor the multiple identity repositories the various components of the identity suite require. As an example, when roles, policies or identity data changes in one product, it must be manually “synchronized” in the other. These deficiencies and their associated challenges cause deployment headaches, increased complexity and are generally a major pain for customers.

Finally, it’s clear that Oracle’s strategy is to compete head-to-head with IBM, SAP, and Microsoft to be the leading integrated stack vendor. As a consequence of that focus, Oracle has prioritized integration features that “unite the stack” ahead of creating a seamlessly integrated IdM suite or delivering innovative new functionality to help customers address urgent compliance and operational issues. As a natural outcome of corporate priorities, Oracle has fallen behind in delivering integrated compliance, roles and provisioning.

Unfortunately for Sun IdM customers in particular, this is going to become painfully clear over the next year or two while Oracle continues the “Oracle-ization” of its identity suite (does anyone remember how Access360 went dark after IBM acquired it?). Oracle will first strive to rationalize the acquired technology into the stack, while “Sun”-setting others (like Sun Identity Manager). Given all this, it’s very likely that Oracle’s IdM technology will lag behind in functionality and integration between its components.

Most of the companies we talk to don’t have the luxury of waiting a few years to address today’s evolving governance, risk and compliance challenges. They have immediate business problems to solve and are looking for specific technologies to address them in the near term, not a long-term rearchitecture of their corporate infrastructure with the hope of someday addressing these needs.