December 23rd, 2011 | John Havers | Posted in: IAM Business

Stay Hungry. Stay Foolish.

This is the time of year where we all reflect on the year that was, and what may come in the year ahead. This year, we lost an idol with the passing of Steve Jobs. This morning, I watched his now famous Stanford Commencement Address, (again), the text of which was published by The Guardian newspaper.

This picture, with caption, is the Steve Jobs I will remember:

Deep thoughts aside, I'd like to wish you all a marvellous holiday period with your loved ones, and extend my best wishes for a successful and prosperous 2012, or as the Lawyer said, " I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2012, but not without due respect for the calendar of choice of other cultures whose contributions to society have helped make our country great (not to imply that Australia is necessarily greater than any other country) and without regard to the race, creed, colour, age, physical ability, religious faith or sexual preference of the wishee".

Back to Steve. One of his characteristics that I've always admired was his total disdain for the status quo (foolish), and an obsessive focus (hunger) on doing things better; thinking different. As the year end approaches, and out of respect to Steve Jobs, the list below is the little bit of Steve that we've applied to First Point Global:

  • Too often in IT we exhibit a crowd mentality, and go from one fad to the next. Sometimes it helps to pause and ask yourself some questions. There was lots of talk in 2011 about IAM suites. Without any particular outcome in mind we began searching outside of full suites about five years ago. We were looking for solutions that weren't being addressed by the full IAM suites, which is only natural when one has customers who are struggling to address issues, like SOX compliance. Suddenly, five years down the track, we find ourselves representing a whole bunch of companies that were started by really smart people; the same people who came from the big companies that pioneered the IAM suites. Could it be that we were subconsciously wanting to become software resellers? No, that wasn't the case at all - we wanted to do things better. Our Partners page is not a catalogue of products. It's the result of a relentless pursuit of people with ideas who can make a difference for us and our customers.
  • With all that said, many customers continued the trend of buying the IAM suites. A Gartner report entitled "Good Night Suite Dreams" was published on April 1, and it debunked the myth that the IAM suite is better, has better integration, more functionality etc. This contrasts with reports from The Aberdeen Group, which quantified the cost savings associated with the Oracle IAM suite. Confused? Don't be. If it's important to you to have a relationship with a large, successful company, and use all their stuff, then go down the Oracle path and you'll get inward integration - "disk to memory". If your IT environment is heterogeneous, then maybe an "outward integrating" solution is your best approach.
  • Late in 2011, it occurred to us that this whole suite versus best of breed debate was reminiscent of the open systems wars of the 80s. Questions being asked at the time were, "Is UNIX as robust as VMS?". You can either place your IAM future in the hands of a single vendor, or you can shop the market for the best "things" around. Sun had a tagline circa 1985 of "Open Systems for Open Minds". We proudly use that as the header for our Partners Page. Just as open systems enabled small companies to innovate and interoperate with UNIX in the 80s, standard interfaces like SAML, SPML, and XACML allow the same capability in IAM products. It's nice to know we're not the only people advocating this approach. In 2011, Bank of America, Societe General, PayPal, UBS, RBS, and Boeing all bought open systems, or point solutions (as the disparagers call them) to solve important IAM problems. Foolish?
  • In 2011, we joined the OASIS group. I think we're the only Australian boutique integrator which is an OASIS member. What an amazing organisation. Some of the best IT brains in the world  are working on ways to solve the next round of IAM problems, with innovation and interoperability at front of mind. It's been an eye opener to see how this process works, and work in progress at OASIS clearly heralds that the days of proprietary IAM suites are numbered. As Molly Meldrum would say, "do yourself a favour and take a look at OASIS".
  • Early this year, I read a paper by Bob Blakley of Gartner. He spoke of Pull Based Provisioning and Attribute Based Access Control using XACML. His vision flew in the face of everything we knew. I wondered what Bob had been drinking. You buy a provisioning system. You spend millions making it work to your target applications, and you implement Role Based Access Control - that's how it's done. Then I saw an Axiomatics XACML demonstration using ABAC.  I was shocked. The system could simply pull attributes about a person, then grant access according to current job role, location, time of day, environment - you name it, without having to change a single line of code. As Gerry Gebel, President of Axiomatics Americas says, "Life is too short to spend a day without SAML and XACML".
  • We've been beating the SailPoint drum for over five years now. I'm pleased to say that Gartner published their Identity and Access Governance (IAG) Magic Quadrant this month, and SailPoint is the leader. Not just a leader. The leader. Congratulations to the SailPoint team, and G'day to Kevin Cunningham (president and founder of SailPoint) who's spending Christmas in Queensland this year. Kevin has become very fond of Australia, we guess as a result of numerous trips down here meeting the many "foolish" customers who placed their bet on the capability of the SailPoint team. Welcome back Kevin!
  • In 2011, we stopped ignoring the problem of identity management on UNIX platforms. As Forrester said in their end of year wrap up, Microsoft's AD has become the defacto standard enterprise directory. We found Centrify, who built a marvellous product that allowed an AD systems admin to manage rights and permissions in UNIX using AD admin tools. So we've brought Centrify into our portfolio, and it has solved two really big problems. First, AD admins can manage UNIX - great. Second, as an IAM integrator, integration just got a whole lot easier, as all we need to do now is provision to AD. This makes a whole lot of sense, and the benefits are clear when you pause and think about it.
  • We've seen some amazing apps emerge for the iPad and iPhone this year. Our friends at Layer 7 stopped and thought about the security implications of these "mash ups". 2011 saw the convergence of good security practice and convenient API management in a single package. The innovative developers gained access to the APIs needed to build mashed up applications, while the security managers were able to control "who had access to what". Congratulations to Scott Morrison (CTO, Layer 7) and his team for delivering the goods which will continue to enable sizzling applications, while allowing us security-minded folks to sleep at night.
  • This year, we worked on a number of Federation projects. Our co-founder, Jan Zeilinga, did a stack of federations for clients. In fact he was so busy with our ForgeRock OpenAM customers, that he nearly finished his White Paper entitled, "Federate in 4 hours". Keep an eye out for that in the new year. Hats are off to ForgeRock for continuing the evolution of OpenSSO, arguably the best integrated access control and federation product on the market.
  • I say arguably, because this month we shipped 99 copies of ACF-B, First Point Global's own "Access Control. For Beer" product. We shipped it to many of our customers in Australia and overseas, and if yours didn't arrive, please let me know, and we'll fix that.

So that's a wrap folks. Thank you for your friendship and business this year. It's been lots of fun, and I'm itching to get back into it in 2012. Have a happy and safe festive season.

John and the First Point Global team.



Share Article

Stay Connected

First Point Global LinkedIn Follow First Point Global on Twitter (fpgidentity) Subscribe to the First Point Global RSS Feed

Archives by Month

Archives by Category

About First Point Global

From the innovative identity and access management solutions we propose, to the technology companies we partner with, to the way we design and deliver projects, everything we do at First Point Global is aimed at creating sustainable business value for our clients.