Creative Destruction: The Case for Identity and Access Management
Sixty years ago, Austrian economist Joseph Schumpeter adapted some of Karl Marx’s analysis of capitalistic systems and developed the so-called ‘Creative Destruction’ theory. The gist of the theory is that creativity is the force that gives birth to an innovation, whereas innovation destroys the existing disposition of power; companies possessing technological, organizational, or regulatory innovation outperform their competitors. Innovation leads to competitive advantage and monopoly power in the short run. However, in the long run the propensity for creative destruction promotes constant search for advancement, profit maximization (at the micro/company level) and economic growth (at the macro/national level).
The power of innovative advantage can be illustrated using the following comparison: in the industrial economies (before 1950s for western markets) distribution fell into the 80:20 ratio, where 80% of market wealth was accrued by 20% of companies in the market. However, in some branches of the post-industrial economies this ratio can go to 95:5 and even to 99:1 (companies like Amazon, eBay or Facebook can be referenced here). Competitive advantages that led to such ratios vary, but they all are based on the IT-related innovations, whether it is a Web-based business model of the dot-com decade or API-related indirect communication channels of today’s ‘app economy.’
So, what does the Identity and Access Management (IAM) space have to do with the Creative Destruction concept? The answer is two-fold:
- On one hand, the IAM space by its own nature dealt – and continues to deal – with a huge number of big, breakthrough concepts and technologies. This started with the adoption of LDAP (Lightweight Directory Access Protocol) in the mid-1990s, followed by directory virtualization, and, finally with today’s buzz concepts of federation, cloud computing, and social networking. This has found its way in a fact that modern IAM / Identity and Access Governance (IAG) solutions which are based on the aforementioned innovative and best-of-breed technologies can handle complex tasks such as advanced self-service password management, cross domain single sign-on or on-the-fly provisioning to the cloud. However, this is only the first part of the answer.
- Unfortunately, there exists no universal IAM / IAG solution that will directly increase your innovative advantage and boost you into that 80:20-ratio category solely on its own (or the 1% bracket especially). Nor will a single piece of technology make you a leader in your vertical. IAM’s functions, however, are not limited to IT security only and this is another aspect why IAM is important. At a conceptual (and very general) level, most enterprises fall into the model pictured below that portrays several functional layers:
- Layer 1: The external layer is where customers meet products and services.
- Layer 2: The processes layer is where numerous business processes (revenue, procurement, HR on/off-boarding and review processes, reporting, etc.) that support the external layer reside.
- Layer 3: Finally, this is the layer that hosts IT architecture, platforms and applications that enables the smooth functioning of the two upper layers.
IAM’s role in this three-layer system can be multi-facetted: it can be considered as one of the business processes within layer 2, part of the layer 3 security architecture or (as the graphic illustrates), IAM can build its span integration ties between all three layers. This integration view is probably the most accurate as both products/services quality (layer 1) and business processes execution (layer 2) rely heavily on the IT level (layer 3) necessitating application and platform availability. It is where IAM processes step in and—through stronger security, enhanced compliance and more efficient administration—ensures better integrity of the enterprise ecosystem outlined below.
Figure – Functional enterprise layers and IAM
However, the introduction of something like a new, innovative service introduced within layer 1 or new application / platform adopted in layer 3 can often not achieve the expected business result r return on investment. This is not necessarily because the innovation is “bad,” but simply because employees do not get appropriate and timely access to the new, innovative service or application.. This is precisely where a properly developed and implemented IAM solution / process plays critical role in creating improved business efficiency, better system integration, and eventually a higher ROI. In this sense, IAM is truly an enabler of not only successfully adopting new technology and services, but also an important tool in recognizing the maximum value of those investments.
Finally, as business process innovations (layer 2) start to be perceived as important as product innovation, efficient IAM that uses synergies of underlying technologies will promote increased agility. This recognition is helping enterprises adjust to dynamic business models and support changing corporate goals. Adaption of the IAMaaS (IAM as a service) that we are witnessing today is a perfect example of business process innovation which is based on the destruction of a traditional on-premises IAM model that became possible because of cloud technologies creation.
The greatest thing about any good theory is that it holds true over time (and is applicable in heterogeneous environments/verticals). If Schumpeter’s analysis is applied to today’s IAM realities, it becomes obvious that it remains more than relevant as well as provides practical implications. As stated above, there is no ‘one-size-fits-all’ enterprise IAM solution, but sound IAM processes that strategically leverage the advantages of cutting-edge technologies can play a key role in your business’ competitive advantage. In the end, well-grounded IAM strategy based on proven philosophical and analytical approaches will contribute to your company’s ability to position your organizaiton more competitively in the market.