Identity management (IDM) poses a particularly difficult problem for mid-sized businesses, which have to compete with larger companies while offering comparable online services to customers and partners.
"One of the ways we compete very effectively with much larger organizations is by leveraging best of breed solutions; it can be a very good equalizer," said Basil Blume, CIO for Colorado Capital Bank, a regional commercial financial institution. "In many cases, we can deliver a solution on par or in some case better than a bank that's much larger than us."
So far so good, but companies like Blume's typically lack the resources to make six- and seven-figure investments to develop solutions in-house, or integrate third-party IDM solutions, which require a lot of heavy lifting to tie into existing back-end systems, much less to extend a growing list of applications outside the company.
Not surprisingly, Colorado Capital Bank leans heavily on managed services to deliver what Blume characterizes as "best of breed solutions" to deliver online applications to customers. But that model is not without problems.
"The challenge is that customers may have three or four disparate systems they are accessing, so one direction we like to head into is to consolidate those disparate systems with a portal type front end. That's where we can really home in and address specific customer needs," he said. "In the back end, we need to have single sign-on (SSO) to allow customers to access a single front-end portal to access the information they need."
But SSO isn't easy or cheap. Blume said he can't match the development and integration capabilities of a giant competitor like Wells Fargo, so he's turned once again to the service model, piloting a program with startup Symplified, which launched its SSO service this week. SSO is the first of six IDM capabilities Symplified will eventually offer, using the increasingly popular software-as-a-service (SaaS) model for security.
Symplified's IDM services are based on what it calls the SinglePoint network, and will be offered both in the cloud and through a network device -- the Symplified Identity Router. In either case, the customer configures policy through a Web 2.0-style interface, called SinglePoint Studio. In either case, Symplified says it provides integrated Web-based access to applications based on platforms like Oracle, .NET, Java, Citrix, SAP and SaaS applications like Salesforce.com and Workday without expensive software and costly and difficult integration and upkeep.
Symplified is aimed at the midmarket, which it says can't afford the cost and complexity of software-based solutions. At one time, SSO was focused internally to give employees easy access to disparate back-end systems. Today, they have to tie employees, customers and partners into a complex ecosystem of SaaS applications and online services. However, they still have to compete with larger competitors.
"It's being forced on them; it's economics. People aren't going to throw away IT systems they've put in over the last 20 years; they need to make them work now, in this new world," said Eric Olden, Symplified CEO. "If you want to integrate a CRM system, if you do it in house it will cost you a million dollars, so naturally you look for subscription alternative to save money."
The SSO offering will be followed in time by auditing and compliance, access and authorization, identity synchronization, strong authentication and identity integration.
Colorado Capital sees its pilot as an investment in what Blume believes is the trend in favor of SaaS.
"This is a longer term, strategic approach in the direction we believe technology is heading," Blume said. "We think we can use technology to differentiate some of our products and services, along with the right people and products to allocate resources to establish and hopefully improve our competitive position."