In a recent article in PCMAG.com, an interesting graphic highlighted the market share of smartphone operating system preference.  Where are you located?  I’m firmly in the Apple iOS camp, grateful that I bought an iPhone a year and a half ago, rather than casting my lot with the Palm/HP WebOS.

I enjoyed the comments John Dvorak made today in his article “The US Smartphone Revolution”:

Overlooked in the commotion, though, is the transformative nature of the entire market. The whole world is looking at these changes. Wherever you go, the hip, trendy phone users around the globe will most often be seen with one of these North American smartphones. And to be honest the hippest of the hip will have an iPhone.

I find this particularly amusing, because I recall a constant barrage of anti-American accusations during the late 1990s, whereby we were told that the mobile phone world has passed us by. When I was doing Silicon Spin, a cable show for TechTV, guests would often arrive having just visited Japan, carrying some dingbat phone, such as the Docomo, and singing its praises. …

It’s expected that within just a few years the entire market will consist of varieties of smartphones, whose designs and operation were all invented in the U.S. and Canada.

It’s great time to be an American!  Yes, my Canadian friends, we include you!

Way back in September 2009 (it seems like an eternity in Identity years), I made a prediction that data analytics would begin to play a larger role in the Identity and Access Management market:

Advanced data analytics will bring value to many identity-based activities such as Authentication (historical “fingerprints” based on your patterns of accessing online resources), Context/Purpose (predicting preferences from your historical activity) and Auditing (who really did what when?).

Following my blog post this morning, Alan Norquist, CEO and founder of Veriphyr, dropped me an email which at least partially confirmed that prediction.  Alan referred me to an article by Earl Perkins of Gartner entitled, Time for Intelligence and Clarity in IAM.

A few excerpts:

Something interesting is developing in the identity and access management arena. It isn’t new– if you look closely, you’ll recognize it from countless other technologies and processes that progress to maturity. IAM is no different. What I’m seeing is the maturing of intelligence. …

One could even say that once that knowledge gets into the hands of the right people and they make actionable decisions with it, it’s no longer knowledge– it’s intelligence. …

IAM should be (among other things) about clarity. How do we make clear to the business that there is intelligence on those [IAM] logs, waiting to be mined, and that intelligence may make all the difference in their decisions? The best way is to deliver it, to provide that IAM intelligence is more knowledge for IT users to make IT users’ lives easier. IAM intelligence can be part of the business intelligence realm if properly analyzed and presented to the right audiences.

Gartner calls this “Identity and Access Intelligence.”  I am trying to get a copy of the full Gartner report on this topic.  I’ll comment more when I do.

The natural first question to ask when discussing Identity auditing is,

Who has access to what?

This question is naturally followed by,

Who granted those access rights, when?

More of my customers are asking a third question,

Who used those access rights, how?

The first two questions address the assignment of access rights to individuals; the third question addresses actual use of access rights after assignment.

Oracle has excellent tools to address the first two questions, but we currently lack a good solution for the third.

Why is this third category important?  Some things my customers ask for are:

1. Which users did not use an access right during the past quarter?  They may not need that right at all.
2. What patterns of access can we find?  This may help discover roles for provisioning and attestation.
3. What access attempts are anomalies?  This may help identify and remediate fraudulent use.
4. Where are potential vulnerabilities in my identity administration and access control methods?

So, where can we find solutions?

I have been impressed with a small startup, Veriphyr, that provides:

“an on-demand, pay-per-use analytics service that discovers user access vulnerabilities and privilege abuse on mainframe, midrange, Linux/Unix, and Windows servers. … Veriphyr analyzes identities, activity, and privileges to expose access weaknesses that enable insiders and intruders to capture, leak, or alter data through breach of systems, applications, databases, and networks.”

There is a broad category of Security Information and Event Management (SIEM) systems that address this area. In the Gartner Magic Quadrant report for SIEM systems that I downloaded from Q1Labs website, Gartner defines this market segment as:

Security information and event management (SIEM) technology provides two major functions for security events from networks, systems and applications:

• Security information management (SIM) – log management and compliance reporting
• Security event management (SEM) – real-time monitoring and incident management

SIEM deployments are often funded to address regulatory compliance reporting requirements, but organizations should also use SIEM technology to improve threat management and incident response capabilities.

Three companies in the leader quadrant of the Garter report are ArcSight, RSA and Q1Labs, but a total of 20 companies were covered in the report.  I am by no means a SIEM expert.  I have no idea whether Oracle will get in the SIEM game (and I couldn’t tell you if I did know), but I believe this is an important area for our customers.  It will be interesting to see what transpires.