When you're in the midst of analyzing a number of trends and indicators about markets, technologies and other areas of responsibility, it is possible to miss some of the more obvious occurrences in the industry - events my mother would call "common-sense" conclusions. I'm struck by how little the identity and access management suite concept matters to customers.

I realize this may be heresy and some of my vendor colleagues may be unhappy with me, but I've noted buying decision habits by a considerable number of clients across a broad spectrum of industries and enterprise sizes, and one conclusion keeps arising - there is often little or no connection between what initially leads clients to identity and access management (such as role restructuring, single sign-on, account provisioning, fine-grained authorization administration) and the decision to buy multiuse functions of a suite rather than addressing those initial needs with a point product from that suite vendor or a dedicated product vendor. Few customers think in terms of a suite. They don't view their identity and access management issues in terms of identity administration plus access management, or identity verification melded with identity auditing, though sometimes the business drivers lead them to a solution that can be addressed by two or more suite components. In fact, many identity management decisions still appear linear rather than concurrent or multithreaded.

Should that be the case? Isn't it important for customers to think of the broader issues of identity and access management across platforms, applications, and data and the concerns for access and protection that might lead them to an integrated view of administration and enforcement of the kind suites provide? Perhaps. But the real question is what drives customers in the first place to be worried about identity-specific issues, or access-specific issues, and at what point in their IT road map. What are they able to provide for their infrastructure at that point versus what they wish to provide, and what can they justify in the context of their information security strategy? If this aligns with the idea of a suite, then perhaps the rose can bloom after all.

In the meantime, we must face the fact that identity and access management suites are primarily aggregations of convenience, capable of providing licensing discounts and streamlined maintenance environments for customers. But as an evolutionary step in integration or as a means of smoothly interlacing successive layers of identity services for a customer - I'm afraid not.