No longer solely the province of the mainframe, with its centralized repository and management, Identity and Access Management (IAM) has extended itself to distributed platforms such as UNIX, Linux, and Microsoft. As a result, enterprises are using multiple IAM systems on multiple platforms to manage identity and access. IT has to ensure it knows how to bring together all the IAM components running on desktops, LANs, the mainframe, and other platforms.
The increased emphasis on compliance, especially in the wake of the Wall Street meltdown and the almost-daily reports of massive data breaches, further complicates the IAM process.
IAM Market Share
IDC’s figures show that IAM revenues worldwide totaled just over $3.38 billion in 2008, and IDC predicts these figures will increase at a compound annual growth rate of 7.2 percent to $4.8 billion by 2013. Figure 1 shows a breakdown of IAM revenues by platform for 2008 and IDC’s projections through 2013.
Market share alone doesn’t constitute the whole picture. The percentage of strategic information a platform supports shows how vital it is to an enterprise. Mainframes hold roughly 80 percent of machine-readable data worldwide. According to CA, in 2008, the total installed mainframe capacity worldwide was about 14 million MIPS, and mainframes hosted more than $1 trillion of critical application investments. That means the mainframe is a trusted platform, so it can be leveraged to perform more functions, including IAM.
IAM and the Mainframe
The point of having IAM solutions is to ensure your business is in compliance with various regulations. IAM is a key factor in achieving compliance, according to IDC analyst Sally Hudson. She recommends that companies implement an IAM architecture to cope with the growing worldwide demand for regulatory compliance with standards such as the:
- Sarbanes-Oxley Act (SOX)
- Payment Card Industry Data Security Standard (PCIDSS), which governs credit and debit card transactions
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Japan Personal Information Protection Act (JPIPA).
“Enterprises will require a flowing automated system that allows for a strong security framework, including auditing, archiving, and storage for compliance purposes,” Hudson says. “Data must be easy to locate and produce for audit. A proactive automated system that doesn’t permit an out-ofcompliance action to occur is the goal.”
The mainframe will continue to play a vital role as companies look for ways to leverage their existing systems to keep costs down.