Digital ID World recap, part 1

In the wake of Digital ID World, Eric begins to ruminate on "what he learned."

A recap, part 1

With Digital ID World in the books as a success, I always like to take a look back at "what I learned." As an organizer of the conference, Digital ID World is always a whirlwind experience for me, but I find that as I look back on it every year a few key themes emerge. A bunch of other stuff has been written by other folks that were there, and I encourage you to read their thoughts as well.

What I learned about the identity marketplace

As Jon Oltsik pointed out, the identity market is now a serious proposition: real companies that have moved beyond *thinking* about identity to deploying large scale projects. This year's show demonstrated not only the sheer quantity of companies "doing" identity, but the *quality* of knowledge companies now bring to the table. This is not to say that all of identity technology has "crossed the chasm," as that's clearly not the case. Rather, some identity management technologies are now moving into the mainstream (technologies like provisioning, access control, E-SSO), while other technologies are still either attaining critical mass (via successful deployments) or emerging out of community efforts. Interestingly, not a single enterprise I talked to would subjugate their identity project under the banner of "security." If anything, identity's compliance, productivity, business process and security drivers subjugate *security* under identity.

Bottom Line: The "identity market" is a definable, growing, stable marketplace, and not simply a subset of "security."

What I learned about identity's "big players"

While the expected "big guys" were at the show (and by that I mean all of the application-layer identity management players), it was interesting to note that both Symantec and Verisign had some significant "stage time." Symantec has previously announced its interest in the identity market, and Verisign has been active around its Verisign Identity Protection network, but both companies showed something different this time around.

Symantec's Rob Clyde spoke extensively about the intersection of identity and "network access control" - what he termed "end point security." He also dove into compliance as a major driver for identity adoption. Both of these seemed to point to possible areas of movement for Symantec in the future. Am I betting that Symantec's presence at next year's Digital ID World is significant? Absolutely.

Verisign, on the other hand, had Mike Graves (their CTO) on stage speaking to the intersection of identity and the tools of the end user (blogs, wikis, social networks, etc). The shift in emphasis is notable: In the past, Verisign's message would've been based solely around identity fraud, but now their work is being done in the area of enabling users.

Bottom Line: The stable of existing "big players" in identity (Microsoft, Sun, CA, Novell, Oracle, etc.) should expect that others are about to join them in a significant way (Symantec, Verisign, Cisco, EMC, etc.).

What I learned from attendees

I always try to spend a huge chunk of time talking to attendees at the show. The reason is simple: they are the true value of what's there; my actual "customer." Attendees this year seemed to sound a unified theme to me: vendors don't sell "solutions," they sell products that are a piece of an overall identity-based solution. Vendors will, of course, tell you differently, but the *customers* are pretty clear about this -- they come to Digital ID World to hear their peers (other enterprise IT folks) talk about how they solved their problems. In no case is that "solution" simply "buy product X, install."

Bottom Line: While "walking the floor" and learning about products is important to attendees, those products are part of a larger "solution" -- one they realize that they'll only find by hearing from their peers.

Look for part 2 of "What I learned at Digital ID World" in the next few days...