Wednesday, July 04, 2007

SAP Identity will take time

I gave my 2 cents on the SAP acquisition of MaXware when it happened and noted that it wouldn't be long before they officially announce their entry as an Identity Management vendor.

Well they've now publically stated their intent. It'll take them awhile before they truly understand the space however. It's not surprising given that this is new to them and they've been too busy milking the SAP R/3 cash cow for so long. Oracle's Identity Architect Nishant Kaushik points this out (the "not understanding the space" part, not the cash cow bit) in his latest blog post following his observations from the recent Burton Group Catalyst conference. He's right, although he does have a vested interest in pointing this out given that SAP and Oracle go head to head in almost everything.

What SAP may not yet realise (but will soon enough) is that they have a distinct advantage over many of the other Identity Management (IDM) vendors when it comes to user management and provisioning, especially around anything to do with people and entitlements. In other words, what people should be getting access to within the environment and how they get this access.

Their competitive advantage is actually SAP R/3 itself. Almost every IDM deployment drives their user provisioning, updates and de-provisioning processes through their HR systems. In most cases this is going to be SAP or Oracle (typically Peoplesoft). It makes sense of course. If a person is hired, the first place they appear is in the HR system. When they leave, they get taken out of HR. It is for this reason that Oracle wasted no time in closely integrating their IDM suite with their HR applications and also took the trouble to cross certify them.

If SAP is to become a serious IDM vendor and challenge the likes of IBM, Oracle, Sun, CA and BMC they need to start with their existing R/3 install base. This seems like a no-brainer. Sales 101. Go after the people you already have relationships with and up-sell your products. What they'll need to be able to do however, is convince the install base that SAP IDM is the way to go because of the tight coupling with R/3 right from the underlying technology through to the business processes. SAP will not beat the other vendors on functionality, at least not for now.

They've essentially bought a meta/virtual directory product with synchronisation capabilities and minimal provisioning functionality (MaXware) and another product to tie in compliance (Virsa). There isn't enough functionality to compete from a holistic standpoint. They will need to prove that they hook into the SAP platform better than anyone else out there (and they really should because it's their own software) and they will also need to sell customers on their commitment to an overall IDM strategy and then go out and buy companies to fill the gaps, of which there are many.

In short, SAP need to focus on 2 things before being able to be a serious threat in the IDM game:
  1. Integrate the current capabilities seamlessly into their application software stack and do it better than anyone else out there and sell customers on the fact that IDM should be driven by their existing SAP R/3 deployments.
  2. Fill out the big gaps in their IDM portfolio. There are many holes.
When they do step 1 successfully, they may actually start to sell some of their software to customers that buy into their IDM vision/strategy. If they do step 2 successfully, the other vendors better watch out. Because then only 2 vendors will be able to say "our software can run your entire identity management process end to end, from business through to IT". At the moment, Oracle can probably go into customers saying this. SAP need to get there too. It's their best bet at becoming a legitimate IDM player.

No comments: