Sorry to interrupt you attempting to set you Facebook privacy settings, but I have to tell you something. I’ve got me a new blog over at Gartner. You can get all my rambling goodness on identity management related stuff over there. As for the rants about privacy, they are likely going to stay here, but you never can tell.
Also, I am thinking of building a new version of Privacy Mirror to use the graph API. Any one have feature requests?
A while back we recorded some of the Burton Group analysts and consultants talking about a wide variety of topics. I thought I’d share them with you. So in lush mono and 2D, here’s me talking about:
So you’ve probably seen the news - Gartner is acquiring Burton Group. Looks like we’ll be kept whole in a variety of ways; see this note from Gene Hall. I’ll let you know more as I know. This does bring the number of analyst firms focused on identity, privacy, and relationships down to a very small number. It will be interesting to watch how the market responds. What is with Tuesdays in my life? 9/11 - a Tuesday. IBM buys Access360 on a Tuesday. Gartner buys Burton Group on a Tuesday. In keeping with this odd streak of Tuesdays, I think I’ll be at Toledo Lounge tonight - see you there?
Safe to say that these are extremely turbulent times. The mixture of wars, financial crisis and meta-crisis, election cycles, and a looming global recession have combined to form enough angst and fear that it makes emo seem like Elmo. And it is in these times that one could easly just pull the covers over your head and go back to bed. But in doing so, you’d miss some amazing opportunities. They say that necessity is the mother of invention, but I think that the “oh crap” moments are far more inspiring and lead to better, more useful innovations.
I am headed to this year’s Defrag conference and I pumped to do so. I didn’t get to go last year which I really regretted, and Eric hasn’t let me forget that either. I will be moderating a panel called: Can identity be a filter for information overload? Eric and I are in search of interesting people and points of view to include on this panel. On first blush, to me, this sounds like a discussion of the current state of personalization. Eric isn’t sold yet on that angle. I’d be interested to learn if/how personalization is moving from explicit declarations, “I like cake,” to something more implicit, “From examining your read RSS feeds, Computer thinks you like cake.” Putting on my enterprise identity hat, I start to wonder if my role and relationship to my employer has a hand in this. Again, this ought to be an interpretation of pattern and not an explicit assignment. I am a senior analyst at Burton Group focused on identity and privacy. I share interests with my team. Collectively this blob of information (feeds, groups, sites, etc) is likely to be of interest to us. Further, I am curious how my role and relationship combined with a Google Search Appliance or SharePoint can act as a filter. Finally, I can’t help but think of the privacy implications here. Traffic analysis can and will start to reveal my preferences, and there definitely are privacy implications to this. Add extra data to the mix, like location, and the privacy concerns grow quickly. (I swear there are moments that my iPhone seems eerily like HAL.) How does industry handle my contradicting desires to filter based on my identity (and here I am including preferences as part of my identity) while not revealing too much about me? What is too much anyway? Who gets to decide? At any rate, if you’ve got some ideas on the matter, please send them to Eric and me - operators are standing by.
I’m sure you’ve been following the Terry Childs case. Mr. Childs was a sysadmin in San Francisco who decided to change a few passwords and thus locked the city out of their new wide area network. Though it is still not clear why Mr. Childs did this, he had been recently written up for poor job performance. Among others, Matt Pollicove wrote about this and the need for trust. Matt asserts that trust is a must and I completely agree. That being said, the last two points in his post are mistaken. First he says:
My first post as a Burton Group analyst is now up over at the Identity and Privacy Strategies blog. (Helps if I actually link correctly… doh!)
I have interacted, both socially and professionally, with Burton Group in a variety of ways over many years. The quality of people, their integrity, and the quality of their work have always impressed me. In short, Burton Group is the kind of place I want to work for and the people are the kind of eccentric, entertaining people that I love being around. After a few years in the making, I have joined Burton Group as a senior analyst on the Identity and Privacy Strategies team. The first day at a new job is always a little gut churning. When that first day is the first day of the Catalyst conference it gets even more interesting. Today I found myself on stage with the rest of the team during the Identity Management market overview presentation. Stoically silent, I scanned the room for friends in the industry. Needless to say there were more than a few very surprised people. As my first real act as an analyst I recorded an introductory podcast - Not bad as an intro. Obviously, there will be more to come as I take on my research projects. Stay tuned!
Bob, Lori, and Gerry at Burton Group have confirmed what I had heard only in rumor: HP is effectively pulling Identity Center from the market. It will continue to focus R&D on its existing Identity Center customer but will not be actively seeking new ones.I’d love to have seen what the business case was for HP’s original acquisitions into the space and then the analysis to make this decision. Tough choices.
Compliance as a Service – Counter-counterpoint
Matt and Mark have both responded to my response. Matt writes:
Thanks for keeping us honest Ian! I would be pretty blind to claim that overall regulatory compliance can be solved with any IT solution (…or set of …or service of). But I didn’t make that distinction in my previous post. But, is that the basic point you’re making? …that IT compliance is a subset of overall Compliance? Or is there more to it?