Trends 2012: Identity Management in Age of the Cloud, Mobile and Social

Identity management is going beyond managing passwords and resource permissions. It’s now also about productivity and mineable business data. And this expansion of scope could soon lead employers and employees into conflict. And that’s not to mention the number of companies that want to find ways to leverage this data for their own profit.

The whole concept of identity is changing. Due to easier access to data, identity’s meaning increasingly relates to the multiple providers and apps that an individual maintains. And the individual generates data with a richer potential for analysis and different associated values.

For a while it seemed like identity and access management was going to get easier. An enterprise vendor could promise Active Directory/LDAP integration and IT could happily control everything from a single console. Each user had one desktop computer, and only a handful of employees and partners needed remote access via a VPN.

But today, users are accessing organizational resources from outside the firewall, on more devices. More users are telecommuting. Users may have a desktop, a laptop and a smartphone. The smartphones may be either company-owned or employee-owned. There are more cloud applications being used, adding to the complexity of managing identity and access.

It’s not just IT that has to deal with this headache. Add to the equation the fact that professionals are using tools like Evernote, MindMeister and Remember the Milk to manage their individual productivity, completely outside of the enterprise system. These sorts of applications are becoming more important as the work/life boundary erodes and employees need common systems to manage both personal and professional tasks and information. So a professional has their own employer’s system, perhaps some partner companies’ systems that they have to access via VPN, plus their own personal productivity tools to manage. That’s multiple passwords, the need to copy and paste data from one system to another, etc.

There’s now more tied to the professional’s identity than just passwords and permissions, and companies are trying to mine value out of that data. In many respects, people leverage services to manage who they are in a personal and professional context. In this cycle, the providers and the individuals are sharing data that gives each other new ways to relate and build communities that suit their own purposes.

The Value of the Professional Identity

Take the example of Salesforce.com, which has been using something that CEO Marc Benioff refers to as “Chatterlytics” internally for at least a year. It’s a way of analyzing an employee’s use of the company’s internal instance of Chatter and rewarding employees based on participation. Sameer Patel adds an interesting angle to Salesforce.com’s acquisition of Rypple:

This purchase, along with Chatter and Chatterlytics strengthens SF’s control over exactly who is good at what inside the organization and allows them to federate this information into SF apps today and into AppExchange apps in the near future. That moves this intelligence data set to the front office and right at the point of employee decision making, as opposed to just HCM insight for HR professionals.

This suggests that employee identity is about to become much more valuable, since it’s not just going to be about keeping track of passwords and who has access to what. There could be actionable business intelligence in that identity data. So it will be more valuable to employers and to the companies, like Salesforce.com, that manage that data.

At the same time, the employee, now more than ever, has an interest in managing their own identity. Partially for the convenience of having a single sign-on across enterprise and personal productivity services. But also for the ability to present evidence of one’s past accomplishments to new employers. And let’s face it – economic turbulence has employees bouncing from company to company more often than ever. Employers have a claim to their employees’ enterprise identity, and a security and compliance mandate to protect certain data. But employees have a greater stake in their own data now.

On the other end of the spectrum is LinkedIn. LinkedIn has created a universal login and an app store that companies like Huddle are supporting. Although LinkedIn is really interested in the users’ data and how it can find value in it, the LinkedIn service is aimed at the employee, not the employer. The employee can take that information with them when they move to another company. LinkedIn is even considering its own Yammer-like internal social network, which would leverage the fact that many of a company’s external collaborators (partners, customers, contractors, etc.) will already have accounts on LinkedIn. This could be great for employees, who will be able to keep their business network graph with them as they move from company to company. But it might not be welcomed by employers, who may not want to use a platform typically used by recruiters to poach employees as a core part of their internal communications and collaboration. Nonetheless, some enterprise vendors, such as VMware’s Socialcast, are already adding LinkedIn integration, and Discourse has built its entire business around LinkedIn.

I should also mention that LinkedIn integration could well be part of Salesforce.com’s plans for Rypple. There are obvious advantages to playing both sides of the employer/employee divide. But at the moment, Salesforce.com is for employers and LinkedIn is for employees. I think both companies probably want to change that. More on this later.

Google obviously wants a piece of this action too, and now enables Google Apps users to use other Google services with their Google Apps account, if their admin enables it. This gives Google more insight into what those users are doing that could eventually be leveraged by Google and the employer in some way. It also gives the user a single sign-in for all their services, and perhaps to other services that accept Google credentials for login. Google is also bringing in more enterprise integrations, including a partnership with SAP. Right now, Google seems more employer-centric in its approach to professional identity – when you leave a company, you lose your Google Apps account. But Google is more and more interested in identity, which is why it’s waging a war on pseudonyms on Google Plus. At some point personal Google Plus accounts will likely be explicitly tied to company Google Apps accounts.

There are many players, and some are more obvious than others. Matt Asay makes the case that Microsoft’s Skype acquisition could and should be more about identity than VOIP/universal communications:

Adding Skype, which only works if the two (or more) parties to a voice or IM chat actually know the identity of the person on the other end, can provide a real richness to Microsoft MSN user data, and also offers a platform for further mapping out identity online. I have been surprised by how mainstream Skype has become among older, less technically savvy people that I know.

To get a better sense of the players, check out Venessa Miemis’ list of identity management providers.

Bridging the Gap

There’s hope yet to bridge this gap between the employee’s interest in maintaining a consistent identity within and without the enterprise and the employer’s need to secure and mine employee data. Companies like Okta, which offers a service for easily integrating cloud services with Active Directory, are leading the way on this.

“Ever since the first user logged into the first mainframe there was an identity management issue,” says Okta CEO Todd McKinnon. He says that employees at Okta’s customers are asking whether it would be possible to tie their work credentials to their non-work credentials. One possible solution he suggests, though it’s not on Okta’s roadmap, is an integration with LinkedIn that would allow one login to be used for everything, but for all applications to fit under two different umbrellas – work accounts under Okta, other accounts under LinkedIn.

One of Okta’s competitors is VMware Horizon App Manager, which can also integrate Active Directory with cloud applications. VMware also has Horizon Mobile, which enables enterprises to create secure virtual machines on employees’ phones. These VMs can be remotely wiped by the employer if the employee leaves the company, without wiping the employee’s personal data from the phone (several other companies, including Zenprise, are offering selective wipe features for employee-owned phones as well). As noted, VMware’s social collaboration platform Socialcast already features LinkedIn integration. I see VMware’s acquisition of Socialcast largely as a part of its Horizon strategy.

This sort of multi-party solution makes the most sense, with employees controlling one portable identity (via LinkedIn or another provider) and employers controlling enterprise resource access (via AD or LDAP and something like Okta or Horizon), the flows of data into and out of enterprise systems of record, and collecting potentially actionable intelligence. That’s still going to leave a large piece of the puzzle unsolved though, and that’s how both employers and employees interact with identity providers such as Salesforce.com and LinkedIn. Especially since it’s clear that both Google and LinkedIn want to be everything to everyone, and everyone wants to talk the data portability talk but few actually want to give customers full control over their data (see Google’s data liberation rhetoric vs. the actual practice).

We’ll be watching how all of this plays out in 2012 and beyond.


About Klint Finley

Klint Finley is a Senior Writer at SiliconAngle. His specialties include IT services, enterprise technology and software development. Prior to SiliconAngle he was a writer for ReadWriteWeb. He's also a former IT practitioner, and has written about technology for over a decade. He can be contacted at angle@klintfinley.com.