Matt questions the value/feasibility of providing identity services in a Software-as-a-Service format, since there's a difference between apps and infrastructure. Infrastructure, he argues, must be "appropriately integrated into the enterprise premises and processes". He continues to argue that identity services in a SaaS format can't ignore on-premise apps in favor of identities in the cloud, and mentions the traditional concerns around "outsourcing" compliance and security.
Ironically, I had an interesting conversation just yesterday with an industry colleague regarding the exact issues mentioned by Matt, where he presented some new emerging paradigms in the 'Identity as a Service' world, including what he dubbed "Enterprise Looking In" and "Enterprise Looking Out" (more on this in future posts). Here are a few questions/direction for the conversation (more questions than direction)...
- Let's nail down the definition of 'identity services'. If not for the industry at large, at least for this conversation at hand. In my opinion, a lot hinges on that.
- Is the notion of 'Identity Services' in a SaaS format an either-or paradigm for on- and off-premise apps?
- Can technology help blur the internal vs. external line? Does this lead to a new category of infrastructure?