CEO Interview: Markku Montonen, RM5 Software Oy

In certain areas current generation's vendors have created poor results in forms of complex solutions, poor project performance and high costs. Customers are demanding something different. New emerging technologies and vendors are bringing a new approach and tools into the market. Cloud computing and software as a service provide an opportunity to introduce a new business model to design, develop, deliver and source business and IT services.

Expanding your business with increasing type and number of external business parties is a major trend in every business. This leads to a shift from protecting your business to enabling your business. More and more business products, services and operations are digitalized and delivered as an e-service. This will position the Entitlement Management - who has access to what - one of the top priorities on CxOs' plate.

Each organization - one a way or another - has more or less the same value chains: enterprise domain - business to production, life-cycle domain - design to support, value chain domain - from suppliers to customers together with all-embracing collaborative infrastructure.

Companies have been trying to get under control authorization of internal and external users for internal services. As some have succeeded in this, they are now facing the same issue with Cloud Computing. How to manage internal and external users and their entitlements for external services?

Thus even a small to mid size company can easily have dozens of business information systems in which one has to be able manage users and their entitlements. Prevailing practice is to do it in each of the system individually and separately. This leads to duplicate activities, laborious processes, access problems and higher costs.

With Entitlement Management you can centrally enable, manage and control service, organizations, users and their entitlements for different business applications, e-services as well as non-it resources. For many companies a possibility to introduce a shared service with life-cycle approach for request and approval processes, delegated administration and multi-dimensional reporting and auditing capabilities will provide for the first time a complete picture of business ecosystem. This improves organization's access governance, enhances risk management and can be a key system in achieving compliance with applicable regulations.

The real business goal for entitlement management is to have confidence, that a business stakeholder with a single identity only has access to the business resources for the tasks they have been assigned to and for which they are legally entitled to. This is the ground for which the identity and access governance initiatives and systems are based on.

It is really a different business challenge to manage on-boarding, off-boarding and re-boarding of external user population of hundreds of thousands or millions users scattered around in hundreds of thousands organizations than just internal users. The only way to succeed is to base the identity and access governance solution on your business model and relationship between different parties. We will be seeing more and more a multi-service provider and multi-service customer business cases. Like in an industry cluster multiple independent, but business related companies provide services to multiple customers with shared, over-lapping users, processes and information systems.

In the future no organization can develop their business or IT service portfolio in isolation. To achieve business compatibility everyone should put emphasize on how to standardize, develop, provide and source new services in business triangle of Identity Provider providing identity services, Service Provider providing business services and Service Customer using these services. This is still un-mature zone and standards, practices and tools need to both developed and bring into use. As this can get complex, one should have a working entitlement management model and system that is designed to manage relationships, services and data between different parties.

Today majority of solutions are still mainly unconnected. When developing or sourcing new services one should target to standard based services that can be shared among business units and which share each other's services.

What we will be seeing in the future are SaaS service stacks containing composition of services forming a fully functional business service. The service provider may collect individual services from several providers. As an example, Saas your IDM stack: authentication as a service, access management as a service, federation as a service and at the bottom entitlement management as a service. This trend will eventually enable new market players that will piece together new type of business services based on ever changing customer needs instead of fixed software solutions.

This will require a major shift in attitude both in vendor and customer side. For vendors it means that they will discard the brilliant DIY (Do-It-Yourself) approach and start focusing on perfecting core capabilities and leveraging available best-of-breed services for common service functionality from emerging industry players. Customers are more prepared for this change and the criteria are obvious.

Taking a new approach by aligning entitlement management with business model and empowering business stakeholders is the key to succeed in managing who has access to what in your business ecosystem.

As Entitlement Management is one of the most urgent issues each organization should start preparing them for the new era. Or combine that with Cloud Computing and make a perfect case.

This interview was published in SIIA's Vision from the Top, a Software Division publication released at All About the Cloud 2011.