Learning from the Identity and Access Management Challenge

Earlier, I laid out the fundamental pillars of data trust and discussed the common qualities shared by different stakeholders with diverse definitions of trust. Understanding this context is critical to effectively addressing the rapidly growing crisis of managing trust across diverse environments.

Enterprise IT tackled a similar challenge with the management of user identity and authentication. The rise of multi-tenant and as-a-service applications resulted in enterprise organizations replicating and managing common user populations in a growing number of different and complex environments. The users were the same, but subject to change. The policies governing them were equally common, but also subject to change. The ongoing administration became extremely challenging at scale. The core issue was that each application and information technology system required its own copy of the bits and bytes representing user identities and the policies governing them, and handled that information in a proprietary way.

The untenable management of this model at scale suggested its own solution. So, what happened? The problem was flipped upside down. Enterprises of all types converged on a new architecture that established a system of record for user identity and authentication, making it available just in time via APIs to the applications and systems requiring them.

This platform architecture enabled consistency in how a new application or system would onboard an enterprise user population, predictability in how that user population would be managed while there, and simplicity in how the enterprise governed its user population. Most importantly, now that the state of identity and authentication was managed in one logical place, enterprises could more rapidly onboard new technologies and solutions, taking them from ideation to value creation.

The value that this architectural inversion helped create should not be understated. Without this change, the broad adoption of SaaS and PaaS solutions would not have happened. This new information technology architecture catalyzed the Identity and Access Management (IAM) market, now worth over $10 billion annually and estimated to grow to $25-30 billion annually by 2023.

The similarity between the IAM challenge and the rising challenge of data trust management is the business problem itself: common business information currently represented by unique bits and bytes with proprietary implementations in each application and system.

The difference is the sheer scale. User populations are large, and in some cases, massive; however, they pale in comparison to the size of unique data objects within even a modest enterprise. Firms with 10,000 employees may have several billion unique data objects.

To make the situation even more complicated, the volatility of an enterprise data estate is drastically higher than that of its user population. Regulations like GDPR (European Union General Data Protection Regulation) and CCPA (California Consumer Privacy Act) complicate ongoing data governance. Looking into the near future, as more lines of business depend on connected systems and IoT enablement, each device-as-user also becomes a new data handling system, further exacerbating the problem.

The explosive growth of data, rapidly changing regulations and laws, and the need to enable the business with the best tools for the job have led to analysis paralysis when attempting to engage with new technology solutions. The need to manage the state of data trust separately in each of these systems has stifled innovation and efficiency. There are long review processes to validate a growing list of expert-level requirements for a new vendor to be able to possess, process, or otherwise handle sensitive enterprise data. These requirements and processes do not scale down for innovative small vendors working as partners to deliver on acquirer goals. Enterprises must perform a human-scale review of a machine-scale problem that can take more than a year to complete, and their results represent just that: a human-scale review of a machine-scale problem that, because it was conducted at a single moment in time, will soon be outdated.

In the conclusion of this series, I will flip this problem of trust management upside down to define a new solution that will scale to address the needs across today’s increasingly fractured landscape.

Part 3/4 Founder’s Blog Series: Trust Management


This is a long-form version of Adam Ghetti’s blog, posted originally by the World Economic Forum