Tuesday, July 01, 2008

SaaS-ish IdM

Matt F had some interesting things to say regarding my thoughts on why SaaS doesn't work for Identity Management.

I do agree with his point that most companies "are already outsourcing IdM – they just do it on a project basis." Let's face it, provisioning development is specialized work and it makes sense to let specialists do the work. To me this is the best argument in favor of combining IdM and SaaS.

However, looking back over the past couple of years with data breaches, identity theft, etc., I still think that it makes more sense to keep everything under one's own lock and key.

Does this solve everything or protect the organization? Absolutely not; unscrupulous folks exist everywhere and keeping data local does not necessarily confer greater protection. However, if I were the person in charge of Compliance and Risk Management, I'd want to be able to look at the auditors, police/FBI, upper management and lawyers after an incident and be able to say exactly what I did to protect my data, and not say, "well, the hosting company told me they were secure..." If the organization lacks the experience or knowledge to properly secure their infrastructure, bringing it in would be a wise investment.

