The RSA conference always serves as one of the two or three windows that the identity community uses to launch new products (the other two being Burton Group's Catalyst and our own Digital ID World conference). As such, the weeks leading up to RSA always feature a spate of new company briefings. These briefings span the spectrum from "good" to "bad" to "says something about how the identity market is developing." Last week, I ran across one of the latter.Tapping into the SMB market has long been the bane of large software vendors.
Steve Slater is the Co-founder and President of Security Compliance Corporation ("SCC"), a startup that's focused on solving some of the compliance challenges that focus around validating user access to applications. Last week, he briefed me on SCC's Access Auditor and how it is solving some key compliance needs. The deluge of regulations around compliance (GLBA, Sarbanes-Oxley, etc) has served as a primary driver for identity adoption in recent years, especially for large, public companies. What hasn't been addressed as frequently is the compliance needs of the mid-sized enterprise.
SCC found in The PMI Group a client that fits that bill. The PMI Group is a mid-sized financial services company that has some fairly stringent compliance reporting requirements. They also have an environment that spans legacy (mainframe) systems and a multitude of applications. What The PMI Group does *not* have is the size of organization that they feel justifies a full-blown identity "suite" solution (and the accompanying compliance benefits). In short, the price tag and complexity of implementation of these systems outweighed the benefit of complying with financial regulations.
SCC provided The PMI Group with a solution that covered A) the requirements, while B) adhering to cost and complexity guidelines. This sounds like every good market research, product management and product launch story, right? Yes, but I think its also much more.
SCC's story betrays the beginning edge of the adoption of identity systems by the mid-size organization. Last year saw BMC and IBM launch identity products aimed specifically at this segment, and if SCC is any indication, we'll see more of the "big suite" vendors do the same.
Tapping into the SMB market has long been the bane of large software vendors, but that doesn't mean that independent, best of breed types don't have relative success. Their success comes from their ability to quickly answer a growing surge of mid-size customer demands — demands that *always* focus around ease of implementation and ease of administration/use.
Stories like SCC mean that the focus of product management groups inside of the larger identity vendors is about to change. That story will shift, in accordance with market demand, from providing an integrated shopping list of functionality to providing a solution focused on a customer's experience of implementation and use.
That story is a sign of an identity market that is vibrant and expanding. That story will become one of the primary themes of identity management products throughout the coming year.
