As I have been posting for a while, I believe that Identity Management will evolve, during the next few years, from a pure “control point and compliance”-based approach towards an approach that will increasingly factor in the management of Risk.

Decision makers (CIOs, CISOs, etc.) are shifting from a “compliance management” mentality to a “risk management” mentality, when making investment decisions on IT security solutions. Their investment decisions (including the ones on Identity Management) are going to be increasingly questioned, due to the shrinking of resources available. Hence the need to prioritise based on real business objectives and needs.

I am glad that Burton Group is now making some statements in the same direction, as it is possible to evince from this article:

“Identity management is evolving to include a closer recognition of risk and how to manage it rather than trying to eliminate it using technology, according to the head of the Burton Group consulting firm.

“Companies are looking at controls from a risk perspective instead of trying to control everything,” said Jamie Lewis, CEO of the Burton Group during the opening day of the firm’s annual Catalyst Conference. “It is about people managing risk and not about technology trying to make risk disappear.””

I believe there is a whole new set of research and commercial opportunities in this space (i.e. beyond compliance management and control points), whilst traditional Identity Management solutions are becoming more and more a commodity.

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---