Introduction to "Dial it Down"
“Dial it Down” is my attempt at steering the dialogue around Identity Management back to what's really important, which, in my humble opinion, is solving real customer problems. After all, customers are and should be the primary reason we're even having a discussion about Identity Management, yet it seems like the majority of the discussions happening in the blog community and industry at large tend to focus on largely academic conversations about utopian solutions, or how certain components of an identity solution should be positioned or marketed. As intellectually stimulating as these discussions may be, many of them provide little practical guidance for real customers that are embarking on the long road of implementing some type of identity management solution.
Take the GRC discussion, for example. When I meet with our customers to discuss our roadmap and theirs, and listen to their requirements for their particular deployments, it's safe to say that they have never asked us when we are planning on solving their 'Governance, Risk and Compliance' problems. The term simply doesn't resonate with them in any practical capacity. I think most of the analysts are right when it comes to the topic of GRC; it's not a problem that can be solved by technology alone. However, the overemphasis on what is and isn't a true GRC solution isn't helping solve the problems companies are facing when managing their risk and ensuring compliance with regulatory concerns and their own internal policies and procedures. In other words, any prolonged conceptual discussion of GRC distracts us as an industry from solving some of the very real problems that our customers are facing today.
This begs the question, what should we be focusing our attention on? The answer to this question is very simple: we should be listening to our customers. This is not to say that every customer has a problem representative of the entire market; however, every customer is in a unique position to share their individual challenges around managing large numbers of users in extremely heterogenous environments and ensuring compliance across their respective organizations. Customers are worried about reducing costs, increasing productivity, ensuring compliance and avoiding fines; they really have no interest in a debate about whether or not attestation capabilities belong in a role management solution, or if provisioning and role management are two separate problems.
That said, what's one of the major problems our customers are facing today? Usability is a big one, especially in terms of a provisioning solution. This is obviously a solution or product focused issue; however, at the end of the day, this is what customers are using to solve very real problems related to user access and compliance. They're looking for a good answer to the question, “How can I delegate administration or policy definition down to the business users that should really own those processes?” This is where usability considerations become paramount. Whatever the solution may be, it must be easy to use and understand, even for the business user with little IT acumen.
