CIOReview
Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
| | NOVEMBER 20198CIOReviewBy Ian Glazer, Founder & President, IDProWithin the enterprise, the relationship between privacy and security gets rightly deserved attention. But neither privacy nor security professionals can fully address the challenges presented to them, because their default toolbox is incomplete. The tools they are missing are the stock-in-trade of the identity and access management professional - the very peers that are frequently excluded from the conversation. Digital identity is the primary way that privacy professionals operationalize the controls they need ; in particular the governance of who has access to what information. Furthermore, identity provides indispensable context to security professionals to help understand who is doing what. Identity's voice is missing from the table and this is most unfortunate. I believe this is in part because, unlike the privacy and security industries, identity has fully not professionalized.This is by no means to suggest that identity and access management practitioners are not professional in their approach: far from it! Consider, however, that privacy and security have professional organizations dedicated to the betterment of their industries and of those who work in them. These organizations provide a range of support, including professional development, shared good practices, certifications, forums for interaction, and provide a collective voice for their membersWhere can the identity management practitioner turn for advice? Vendors and implementation partners certainly can educate us about their products and approaches - and many of them do a very good job. Analyst firms can inform us about the market and in some cases, system designs and architectures. Local user groups can help as well. But this is a piecemeal and often biased approach.This lack of professionalization has real impacts on the identity industry - and, by extension, the business customers and consumers it serves. First, learning about digital identity is a long process. Most identity professionals I speak with share a similar origin story: they learned a specific product, then another, then another, and then had the experience and vision to generalize their knowledge. As a beginning identity professional, you often learn one vendor's user provisioning tool, another's a federation tool, and yet another's a privileged account management tool. And only with years of experience under your belt do you begin to fully understand identity management as a cohesive whole or even begin considering yourself as an identity professional.One of the reasons why learning to become an identity professional is so time-consuming is because there is no vendor-neutral body of knowledge for the industry. Without such a body of knowledge, it is difficult and time-consuming to build a new identity professional -- a problem compounded by the fact that there are no identity management curricula at the undergraduate level. Unless your organization is a professional services company, the best you can do is very likely to hand a new hire a vendor manual, point her to a few blogs, and hope Stack Overflow and LinkedIn have some answers. PROFESSIONALIZATION OF IDENTITY MANAGEMENT IN MY OPINIONIan Glazer
< Page 7 | Page 9 >