Five Business Drivers of Identity and Access Management

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Five Business Drivers of Identity and Access Management"

Transcription

1 Research Publication Date: 31 October 2003 ID Number: SPA Five Business Drivers of Identity and Access Management Roberta J. Witty The primary reasons to implement IAM solutions are business facilitation, cost containment, operational efficiency, IT risk management and regulatory compliance. IAM also ensures a secure access control infrastructure. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

2 WHAT YOU NEED TO KNOW Identity and access management projects are much more than technology implementations they have real business value by reducing direct costs, improving operational efficiency and enabling regulatory compliance. Alerting senior management to IAM's business benefits will help with project approval and investment allocation. STRATEGIC PLANNING ASSUMPTION(S) By 2005, 60 percent of Global 1000 enterprises will implement IAM products from one or two primary vendors (0.8 probability). By 2005, operational efficiency and cost containment will be the primary business drivers for enterprisewide IAM implementations (0.8 probability). ANALYSIS The five business drivers (see Figure 1) for implementing the components of an identity and access management (IAM) solution are: Business facilitation Cost containment Operational efficiency IT risk management Regulatory compliance Publication Date: 31 October 2003/ID Number: SPA Page 2 of 8

3 Figure 1. The Five IAM Business Drivers Business Units Regulatory Compliance! Gramm-Leach-Bliley Act! HIPAA! 21 CFR Part 11! North American Electric Reliability Council! Sarbanes-Oxley Chief Information Security Officer Risk Management! Audit management! Terminations! Policy-based compliance! Strong authentication! Strong audit trail Source: Gartner Research (October 2003) Business Facilitation! Customer self-registration! Portal and personalization! Outsourcing! Customer retention CIO CFO Cost Containment! Reduce/avoid staff Security administration Help desk! Common IAM architecture! Non-IT services Help Desk Security Administration Operational Efficiency! Improved service-level agreement (less than 24 hours)! Productivity savings! User convenience! Security administration reporting Some drivers are more applicable to one component of the IAM solution than another (see Table 1). Cost containment and IT risk management are the primary reasons for the majority of IAM implementations for internal user access. Business facilitation is the primary driver for implementations that address external user access control. Because all IAM components assist with regulatory compliance, the majority of enterprises deal with this business driver as a supporting motivator for implementing a "best practice" information security program. Table 1. IAM Business Drivers and Components Business Facilitation Cost Containment Operational Efficiency IT Risk Management Regulatory Compliance Authentication Services X X X X Enterprise Single Sign-On X X X Password Management X X X X X User Provisioning, Metadirectory, Identity Administration Operating-System Security X X X X X Database Security X X X X Publication Date: 31 October 2003/ID Number: SPA Page 3 of 8

4 Extranet Access Management, Identity Administration Source: Gartner Research (October 2003) Business Facilitation X X X X X To provide easier, faster access to enterprise information for customers, trading partners and employees, increasingly via the Internet, you also must provide the appropriate security infrastructure for such an environment. Reasons to implement an IAM solution for business facilitation include: Customer Self-Registration When the number of customers reaches hundreds of thousands, enterprises can't manage the security administration requirements of all users through manual measures. They must automate, or they can't deliver the service. When automating, enterprises offload the administrative costs to end-user departments or customers. Extranet access management (EAM) products typically are used for end-user self-registration. Portal and Personalization Implementation More business services are being delivered via portals that provide a common access interface, as well as to deliver personalized services to the end user. Portals must authenticate and authorize users. The delivery of personalized services can leverage the information repository that is also used for authentication and authorization. Directories and EAM products are key components to portal and personalization projects. Outsourcing When enterprises outsource their IT operations, the outsourcing service provider often assumes the security administration responsibility for their clients. To make this operation cost-effective and efficient for both parties, and to provide a separation of duties among its outsourcing customers, the outsourcing service provider must have a well-defined security administration function. Service providers often use user provisioning products to provide this function internally to their operations. Customer Retention Customers are demanding; if you don t make it easy for them to use your service, they ll leave you for a competitor with which it is easier to do business. The cost of obtaining a new customer is high the cost to retain a customer can be even higher. Marketing managers use various types of tactics to retain customers, including self-service password resets and single sign-on (SSO) functionality. Cost Containment Current staffing levels can't accommodate enterprises' growing needs for day-to-day security administration activities at the help desk or security administration groups. Regardless of an economic upturn or downturn, enterprises want cost-cutting measures. IAM solutions are one of the few areas within the information security program that can provide you with direct savings. Reduce or Avoid Adding Staff In the typical enterprise, help desk personnel, system administrators and security administrators handle user access requests on a daily basis. In some enterprises, the help desk call volume that is associated with password problems is as high as 80 percent. (The help desk has other problems, such as a very short password change policy for all applications for example, 30 days.) Adding a system or application to the IT environment often means training someone on that new technology, or acquiring additional talent to handle it from a security administration perspective. However, it is rare to find an enterprise that eliminates staff doing security administration activity. Usually these people are reassigned to other, sometimes long-neglected, information security activities, such as audit log monitoring. You can reduce the costs of the security administration process by using password management, user provisioning and EAM products. Publication Date: 31 October 2003/ID Number: SPA Page 4 of 8

5 Common IAM Architecture By establishing a common IAM architecture, you can eliminate the costs that are associated with design and development "one-offs" in each application development group; reduce or eliminate platform-specific hardware and software that is supporting security administration activities; and ease application integration by providing a common authentication and authorization infrastructure. Directories, password management, user provisioning and EAM products are the backbones of an IAM architecture. Non-IT Services Once you have implemented a user provisioning product, you will see the benefits of the system outside of the information security domain. Non-IT resources, such as physical security access devices, cellular phones and pagers (and other devices that have a monthly service fee), can be better-managed at the time of issuance. More importantly, when the device's user leaves the enterprise, the monthly bill can be eliminated more quickly. Operational Efficiency Enterprises want a faster fulfillment process for access requests, as well as improved user convenience through the use of IAM solutions. Password management, user provisioning, EAM and SSO products deliver on this business driver. Improved Service-Level Agreements Achieving an access request fulfillment turnaround time of 24 hours or less, which is a requirement in a growing number of enterprises, can be achieved only via automation. With an average of 18 user accounts per internal user, creating 18 accounts in a day, including approvals, can't be done manually. Productivity Savings Automating the IAM process results in time savings in many areas: Revenue-producing employees and contractors get access to needed resources and can start working within their first few days of employment. Reducing the time frame for approving access requests means less time spent by middle and senior management on these approvals. A nice feature in some IAM products is a "one-click" approval process, which eliminates even more time from the approval process. Approvers don't have to go into the user provisioning product to approve the request; they can use the secure facility to send the approval, once they are notified via . Enabling users to change their passwords not only eliminates help desk cost, but also reduces the time spent by users to change the password. Thus, they can work when they want to, and can get back to work sooner than the average 20 minutes spent going through the help desk. User Convenience Password management and SSO products put end users in control and make for happier users overall. They are critical components for ensuring customer retention. Security Administration Reporting Enterprises must produce reports for day-to-day security administration purposes. Obtaining this information from a centralized facility increases operational efficiency. IT Risk Management The ability to prove the security of your access control infrastructure is an important requirement for day-to-day security administration activities and auditing purposes, and to obtain and maintain customers. In addition, the ability to implement and maintain regulatory requirements is a "must do" for certain industries. All components of the IAM solution, except for SSO which has its detractors who perceive a lowered level of security through its use aid in ensuring a secure access control infrastructure. Publication Date: 31 October 2003/ID Number: SPA Page 5 of 8

6 Audit Management Responding to audits in a timely manner saves money for auditors, system administrators, security administrators and managers. Terminations Disabling terminated users' access immediately following their termination results in reduced exposure for enterprises. With no facility that identifies user accounts enterprisewide, it is 99 percent probable that one will be missed. This account may allow a disgruntled employee or hacker to breach the enterprise's security. Policy-Based Compliance Automatically implementing and maintaining IAM policies, such as password formation, change and history policies, roles and privileges, and business hours usage, are central to an IAM solution. Automation helps reduce the cost of log monitoring because you can focus on access exceptions. Strong Authentication For industries such as financial services and healthcare, providing a stronger authentication mechanism other than user ID and password is a requirement based on the confidentiality and sensitivity of the information being accessed, including the IAM product. Strong Audit Trail Nonrepudiation may be a requirement for the event log entries of the IAM component for industries that must have a strong access control infrastructure. Regulatory Compliance The regulations for the financial services, healthcare, pharmaceutical and other industries regulated by the U.S. Food and Drug Administration, as well as electric energy industries, require the establishment of a secure access control infrastructure. The U.S. Public Company Accounting Reform and Investor Protection Act of 2002 (also known as the Sarbanes-Oxley Act) is causing U.S. public companies and foreign enterprises with U.S. operations to address their internal control infrastructure. Specific regulations and their IAM focus include: Financial Services The Gramm-Leach-Bliley Financial Services Modernization Act of 1999 secure access to customer information. Healthcare/Medical The Health Insurance Portability and Accountability Act (HIPAA) limit access to individual healthcare information to the minimum access necessary to perform job functions (roles) that are related to treatment, payment and healthcare operations. Part 11 of the U.S. Title 21 Code of Federal Regulations (21 CFR Part 11) maintain a chain of validity and integrity of data submitted as a part of a new drug application. That is, logging each unique individual or machine responsible for the creation of, change to or deletion of data that supports an electronic submission of a new drug application. Electric Utilities The North American Electric Reliability Council Urgent Action Standard 1200: Section 1204, Electronic Access Control identify and implement electronic access controls for access to critical cyberassets within the electronic security perimeter. Section 1207, Personnel identify all personnel, including contractors and service vendors, who are granted electronic or physical access to critical cyberassets. Section 1210, Information Protection maintain a document that identifies the access limitations to sensitive information related to critical cyberassets. Publication Date: 31 October 2003/ID Number: SPA Page 6 of 8

7 Public U.S. Companies and Foreign Companies Traded on U.S. Markets, Including Their Subsidiaries Sarbanes-Oxley auditing and separating duties for access to information or transactions that could affect enterprises' financial statements. Industries Best-Suited for an IAM Solution Regulated industries have a vested interest in implementing many, if not all, IAM components. Other industries that are implementing IAM technologies include: Retail Retail institutions have an annual staff turnover of close to 100 percent. Also, they have to contend with holiday hiring cycles that put strain on their ability to handle the security administration needs of these new users. Education Similar to retail, educational institutions have cycles in their user population (academic terms). They also must ensure that the accounts associated with users who are no longer affiliated with the institution are removed from the IT environment. Some institutions have discovered ex-students and ex-teachers using institution-owned computer processing facilities to run private businesses. Government State governments are greatly interested in delivering state services to their constituencies via the Internet. Thus, they need an access control infrastructure that can manage millions of users, most of whom have only occasional need to access government services (for example, for yearly tax returns). Manufacturing Enterprise resource planning implementations have forced many manufacturing companies to develop roles and associated access rights for their workforces. To maintain these roles, many of these companies turn to user provisioning products otherwise, their role-based access control structures would be out of date in six to 12 months. Key Issues How will enterprises manage the complexity of authentication and access control in a highly distributed world? Acronym Key CFR Code of Federal Regulations EAM HIPAA IAM SSO extranet access management Healthcare Information Portability and Accountability Act identity and access management single sign-on This research is part of a set of related research pieces. See "The Growing Need for Identity and Access Management" for an overview. Publication Date: 31 October 2003/ID Number: SPA Page 7 of 8

8 REGIONAL HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT U.S.A European Headquarters Tamesis The Glanty Egham Surrey, TW20 9AW UNITED KINGDOM Asia/Pacific Headquarters Level 7, 40 Miller Street North Sydney New South Wales 2060 AUSTRALIA Latin America Headquarters Av. das Nações Unidas andar WTC São Paulo SP BRAZIL Publication Date: 31 October 2003/ID Number: SPA Page 8 of 8

Research. Identity and Access Management Defined

Research. Identity and Access Management Defined Research Publication Date: 4 November 2003 ID Number: SPA-21-3430 Identity and Access Management Defined Roberta J. Witty, Ant Allan, John Enck, Ray Wagner An IAM solution requires multiple products from

More information

Use This Eight-Step Process for Identity and Access Management Audit and Compliance

Use This Eight-Step Process for Identity and Access Management Audit and Compliance Research Publication Date: 28 March 2005 ID Number: G00126592 Use This Eight-Step Process for Identity and Access Management Audit and Compliance Roberta J. Witty, Ant Allan, Jay Heiser Authentication,

More information

Security and Identity Management Auditing Converge

Security and Identity Management Auditing Converge Research Publication Date: 12 July 2005 ID Number: G00129279 Security and Identity Management Auditing Converge Earl L. Perkins, Mark Nicolett, Ant Allan, Jay Heiser, Neil MacDonald, Amrit T. Williams,

More information

Key Issues for Identity and Access Management, 2008

Key Issues for Identity and Access Management, 2008 Research Publication Date: 7 April 2008 ID Number: G00157012 for Identity and Access Management, 2008 Ant Allan, Earl Perkins, Perry Carpenter, Ray Wagner Gartner identity and access management research

More information

Document Management: Assessing Costs and Benefits

Document Management: Assessing Costs and Benefits Research Publication Date: 27 September 2000 ID Number: SPA-11-9200 Document Management: Assessing Costs and Benefits Debra Logan Investment in DM will typically pay for itself within two or three years.

More information

The Four "A's" of Information Security

The Four A's of Information Security Strategic Planning, R. Witty, A. Allan, J. Enck, R. Wagner Research Note 4 November 2003 Identity and Access Management Defined An IAM solution requires multiple products from multiple vendors. It also

More information

How to Develop an Effective Vulnerability Management Process

How to Develop an Effective Vulnerability Management Process Research Publication Date: 1 March 2005 ID Number: G00124126 How to Develop an Effective Vulnerability Management Process Mark Nicolett IT organizations should develop vulnerability management processes

More information

The Five Competencies of MRM 'Re-' Defined

The Five Competencies of MRM 'Re-' Defined Research Publication Date: 14 March 2008 ID Number: G00155835 The Five Competencies of MRM 'Re-' Defined Kimberly Collins This research details the five key competencies of marketing resource management

More information

Gartner Updates Its Definition of IT Infrastructure Utility

Gartner Updates Its Definition of IT Infrastructure Utility Research Publication Date: 23 April 2004 ID Number: M-22-2393 Gartner Updates Its Definition of IT Infrastructure Utility Claudio Da Rold Our new definition of IT infrastructure utility clears away some

More information

Business Intelligence Focus Shifts From Tactical to Strategic

Business Intelligence Focus Shifts From Tactical to Strategic Research Publication Date: 22 May 2006 ID Number: G00139352 Business Intelligence Focus Shifts From Tactical to Strategic Betsy Burton, Lee Geishecker, Kurt Schlegel, Bill Hostmann, Tom Austin, Gareth

More information

Q&A: The Many Aspects of Private Cloud Computing

Q&A: The Many Aspects of Private Cloud Computing Research Publication Date: 22 October 2009 ID Number: G00171807 Q&A: The Many Aspects of Private Cloud Computing Thomas J. Bittman Cloud computing is at the Peak of Inflated Expectations on the Gartner

More information

Risk Intelligence: Applying KM to Information Risk Management

Risk Intelligence: Applying KM to Information Risk Management Research Publication Date: 19 September 2007 ID Number: G00151742 Risk Intelligence: Applying KM to Information Risk Management French Caldwell Risk intelligence is the alignment of information governance

More information

Cost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products

Cost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products Research Publication Date: 10 December 2008 ID Number: G00163195 Cost Optimization: Three Steps to Saving Money on Maintenance and Support for Network Security Products Lawrence Orans, Greg Young Most

More information

Q&A: How Can ERP Recurring Costs Be Contained?

Q&A: How Can ERP Recurring Costs Be Contained? Research Publication Date: 18 December 2008 ID Number: G00163030 Q&A: How Can ERP Recurring Costs Be Contained? Peter Wesche Driven by increased pressure for cost containment, attendees at the 2008 Financial

More information

Research. Key Issues for Software as a Service, 2009

Research. Key Issues for Software as a Service, 2009 Research Publication Date: 6 February 2009 ID Number: G00164873 Key Issues for Software as a Service, 2009 Robert P. Desisto, Ben Pring As organizations' capital budgets dry up, clients evaluating SaaS

More information

2010 FEI Technology Study: CPM and BI Show Improvement From 2009

2010 FEI Technology Study: CPM and BI Show Improvement From 2009 Research Publication Date: 22 March 2010 ID Number: G00175233 2010 FEI Technology Study: CPM and BI Show Improvement From 2009 John E. Van Decker Many organizations recognize that current financial management

More information

The Current State of Agile Method Adoption

The Current State of Agile Method Adoption Research Publication Date: 12 December 2008 ID Number: G00163591 The Current State of Agile Method Adoption David Norton As the pace of agile adoption increases, development organizations must understand

More information

Toolkit: Reduce Dependence on Desk-Side Support Technicians

Toolkit: Reduce Dependence on Desk-Side Support Technicians Gartner for IT Leaders Publication Date: 23 April 2007 ID Number: G00147075 Toolkit: Reduce Dependence on Desk-Side Support Technicians David M. Coyle, Terrence Cosgrove The IT service desk and PC life

More information

Transactional HR self-service applications typically get implemented first because they typically automate manual, error-prone processes.

Transactional HR self-service applications typically get implemented first because they typically automate manual, error-prone processes. Research Publication Date: 28 August 2008 ID Number: G00159897 HR Self-Service Applications Defined James Holincheck In this research, we discuss the different types of HR self-service and strategies for

More information

Managing IT Risks During Cost-Cutting Periods

Managing IT Risks During Cost-Cutting Periods Research Publication Date: 22 October 2008 ID Number: G00162359 Managing IT Risks During Cost-Cutting Periods Mark Nicolett, Paul E. Proctor, French Caldwell To provide visibility into increased risks

More information

2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase

2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase Research Publication Date: 20 April 2010 ID Number: G00176029 2010 Gartner FEI Technology Study: Planned Shared Services and Outsourcing to Increase John E. Van Decker, Cathy Tornbohm This Gartner Financial

More information

IT asset management (ITAM) will proliferate in midsize and large companies.

IT asset management (ITAM) will proliferate in midsize and large companies. Research Publication Date: 2 October 2008 ID Number: G00161024 Trends on Better IT Asset Management Peter Wesche New exiting trends will lead to a higher adoption of asset management methodologies. Tighter

More information

Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets

Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Research Publication Date: 31 July 2009 ID Number: G00169664 Knowledge Management and Enterprise Information Management Are Both Disciplines for Exploiting Information Assets Regina Casonato This research

More information

Selection Requirements for Business Activity Monitoring Tools

Selection Requirements for Business Activity Monitoring Tools Research Publication Date: 13 May 2005 ID Number: G00126563 Selection Requirements for Business Activity Monitoring Tools Bill Gassman When evaluating business activity monitoring product alternatives,

More information

The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools

The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Research Publication Date: 13 January 2011 ID Number: G00210132 The Value of Integrating Configuration Management Databases With Enterprise Architecture Tools Ronni J. Colville, Patricia Adams As configuration

More information

Invest in an analysis of current metrics and those missing, and develop a plan for continuous management and improvement.

Invest in an analysis of current metrics and those missing, and develop a plan for continuous management and improvement. Research Publication Date: 29 April 2008 ID Number: G00154802 Key Metrics for IT Service and Support David M. Coyle, Kris Brittain To evaluate IT service and support performance, senior management must

More information

Organizations Should Implement Web Application Security Scanning

Organizations Should Implement Web Application Security Scanning Research Publication Date: 21 September 2005 ID Number: G00130869 Organizations Should Implement Web Application Security Scanning Amrit T. Williams, Neil MacDonald Web applications are prone to vulnerabilities

More information

The Lack of a CRM Strategy Will Hinder Health Insurer Growth

The Lack of a CRM Strategy Will Hinder Health Insurer Growth Industry Research Publication Date: 15 October 2008 ID Number: G00162107 The Lack of a CRM Strategy Will Hinder Health Insurer Growth Joanne Galimi The Gartner 2008 healthcare payer application survey

More information

Integrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process

Integrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process Research Publication Date: 26 October 2010 ID Number: G00207031 Integrated Marketing Management Aligns Executional, Operational and Analytical Processes in a Closed-Loop Process Kimberly Collins This research

More information

Case Study: New South Wales State Department of Education Adopts Gmail for 1.2 Million Students

Case Study: New South Wales State Department of Education Adopts Gmail for 1.2 Million Students Industry Research Publication Date: 26 January 2010 ID Number: G00172722 Case Study: New South Wales State Department of Education Adopts Gmail for 1.2 Million Students Steve Bittinger Australia's New

More information

Consider Identity and Access Management as a Process, Not a Technology

Consider Identity and Access Management as a Process, Not a Technology Research Publication Date: 2 September 2005 ID Number: G00129998 Consider and Management as a Process, Not a Technology Earl L. Perkins, Ant Allan This Research Note complements earlier Gartner research

More information

Discovering the Value of Unified Communications

Discovering the Value of Unified Communications Research Publication Date: 12 February 2007 ID Number: G00144673 Discovering the Value of Unified Communications Bern Elliot, Steve Cramoysan Unified communications represent a broad range of new solutions

More information

Overcoming the Gap Between Business Intelligence and Decision Support

Overcoming the Gap Between Business Intelligence and Decision Support Research Publication Date: 9 April 2009 ID Number: G00165169 Overcoming the Gap Between Business Intelligence and Decision Support Rita L. Sallam, Kurt Schlegel Although the promise of better decision

More information

CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance

CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance Industry Research Publication Date: 1 May 2008 ID Number: G00156708 CDOs Should Use IT Governance and Risk Compliance Management to Advance Compliance Barry Runyon Care delivery organizations (CDOs) are

More information

Embrace Virtual Assistants as Part of a Holistic Web Customer Service Strategy

Embrace Virtual Assistants as Part of a Holistic Web Customer Service Strategy Research Publication Date: 19 August 2010 ID Number: G00205618 Embrace Virtual Assistants as Part of a Holistic Web Customer Service Strategy Johan Jacobs Customers are insisting on multiple methods to

More information

Tactical Guideline: Minimizing Risk in E-Mail Hosting Relationships

Tactical Guideline: Minimizing Risk in E-Mail Hosting Relationships Research Publication Date: 26 February 2008 ID Number: G00154838 Tactical Guideline: Minimizing Risk in E-Mail Hosting Relationships Matthew W. Cain This report discusses the often hidden risks in moving

More information

Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users

Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users Research Publication Date: 17 October 2006 ID Number: G00144061 Responsible Vulnerability Disclosure: Guidance for Researchers, Vendors and End Users Amrit T. Williams, John Pescatore, Paul E. Proctor

More information

An outline of the five critical components of a CRM vision and how they contribute to an enterprise's CRM success

An outline of the five critical components of a CRM vision and how they contribute to an enterprise's CRM success Research Publication Date: 1 March 2007 ID Number: G00146362 How to Create a Powerful CRM Vision Gene Alvarez This research provides: Guidance on how to develop a CRM vision An outline of the five critical

More information

Key Issues for Data Management and Integration, 2006

Key Issues for Data Management and Integration, 2006 Research Publication Date: 30 March 2006 ID Number: G00138812 Key Issues for Data Management and Integration, 2006 Ted Friedman The effective management and leverage of data represent the greatest opportunity

More information

Research Agenda and Key Issues for Converged Infrastructure, 2006

Research Agenda and Key Issues for Converged Infrastructure, 2006 Research Publication Date: 20 July 2006 ID Number: G00141507 Research Agenda and Key Issues for Converged Infrastructure, 2006 Sylvain Fabre Gartner's research will cover fixed-mobile convergence, the

More information

IT Operational Considerations for Cloud Computing

IT Operational Considerations for Cloud Computing Research Publication Date: 13 June 2008 ID Number: G00157184 IT Operational Considerations for Cloud Computing Donna Scott Cloud computing market offerings increase the options available to source IT services.

More information

Deliver Process-Driven Business Intelligence With a Balanced BI Platform

Deliver Process-Driven Business Intelligence With a Balanced BI Platform Research Publication Date: 12 April 2006 ID Number: G00139377 Deliver Process-Driven Business Intelligence With a Balanced BI Platform Kurt Schlegel To enable process-driven business intelligence, IT organizations

More information

The Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption

The Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption Research Publication Date: 3 February 2009 ID Number: G00164356 The Hype Around an Integrated Talent Management Suite Outpaces Customer Adoption James Holincheck Gartner surveyed 123 customer references

More information

Case Study: A K-12 Portal Project at the Miami-Dade County Public Schools

Case Study: A K-12 Portal Project at the Miami-Dade County Public Schools Industry Research Publication Date: 31 December 2007 ID Number: G00154138 Case Study: A K-12 Portal Project at the Miami-Dade County Public Schools Bill Rust The Miami-Dade County Public Schools a school

More information

The EA process and an ITG process should be closely linked, and both efforts should leverage the work and results of the other.

The EA process and an ITG process should be closely linked, and both efforts should leverage the work and results of the other. Research Publication Date: 4 April 2008 ID Number: G00155260 Integrate EA and IT Governance s Betsy Burton, R. Scott Bittler, Cassio Dreyfuss In many organizations, we find that IT governance (ITG) initiatives

More information

Vendor Focus for IBM Global Services: Consulting Services for Cloud Computing

Vendor Focus for IBM Global Services: Consulting Services for Cloud Computing Research Publication Date: 22 February 2010 ID Number: G00174046 Vendor Focus for IBM Global Services: Consulting Services for Cloud Computing Susan Tan Amid the hype and buzz of cloud computing are very

More information

When to Use Custom, Proprietary, Open-Source or Community Source Software in the Cloud

When to Use Custom, Proprietary, Open-Source or Community Source Software in the Cloud Industry Research Publication Date: 3 May 2010 ID Number: G00175030 When to Use Custom, Proprietary, Open-Source or Community Source Software in the Cloud Massimiliano Claps, Andrea Di Maio Cloud computing

More information

IAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.

IAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions. Research Publication Date: 1 September 2009 ID Number: G00161012 SIEM and IAM Technology Integration Mark Nicolett, Earl Perkins Integration of identity and access management (IAM) and security information

More information

Cloud IaaS: Security Considerations

Cloud IaaS: Security Considerations G00210095 Cloud IaaS: Security Considerations Published: 7 March 2011 Analyst(s): Lydia Leong, Neil MacDonald Ensuring adherence to your organization's security and compliance requirements is one of the

More information

Now Is the Time for Security at the Application Level

Now Is the Time for Security at the Application Level Research Publication Date: 1 December 2005 ID Number: G00127407 Now Is the Time for Security at the Application Level Theresa Lanowitz Applications must be available, useful, reliable, scalable and, now

More information

2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities

2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities Research Publication Date: 23 July 2009 ID Number: G00168896 2009 FEI Technology Study: CPM and BI Pose Challenges and Opportunities John E. Van Decker Many organizations recognize that existing financial

More information

Private Cloud Computing: An Essential Overview

Private Cloud Computing: An Essential Overview Research Publication Date: 23 November 2010 ID Number: G00209000 Private Cloud Computing: An Essential Overview Thomas J. Bittman Private cloud computing requires strong leadership and a strategic plan

More information

Organizations Must Employ Effective Data Security Strategies

Organizations Must Employ Effective Data Security Strategies Research Publication Date: 30 August 2005 ID Number: G00123639 Organizations Must Employ Effective Data Security Strategies Rich Mogull Organizations can best protect data through a hierarchical data security

More information

Six Best Practices for Aligning Enterprise Architecture With the Business Strategy

Six Best Practices for Aligning Enterprise Architecture With the Business Strategy Research Publication Date: 28 January 2009 ID Number: G00164923 Six Best Practices for Aligning Enterprise Architecture With the Business Strategy Anne Lapkin Alignment of enterprise activities and investments

More information

Real-Time Decisions Need Corporate Performance Management

Real-Time Decisions Need Corporate Performance Management Research Publication Date: 26 April 2004 ID Number: COM-22-3674 Real-Time Decisions Need Corporate Performance Management Frank Buytendijk, Brian Wood, Mark Raskino The real-time enterprise model depends

More information

Use These Guidelines for Making Better CRM Consulting Provider Selections

Use These Guidelines for Making Better CRM Consulting Provider Selections Research Publication Date: 7 July 2006 ID Number: G00141062 Use These Guidelines for Making Better CRM Consulting Provider Selections Matthew Goldman, Ed Thompson, Lorrie Scardino Gartner sees many inconsistencies

More information

Cloud IaaS: Service-Level Agreements

Cloud IaaS: Service-Level Agreements G00210096 Cloud IaaS: Service-Level Agreements Published: 7 March 2011 Analyst(s): Lydia Leong Cloud infrastructure-as-a-service (IaaS) providers typically offer SLAs that cover the various elements of

More information

Successful EA Change Management Requires Five Key Elements

Successful EA Change Management Requires Five Key Elements Research Publication Date: 26 December 2007 ID Number: G00153908 Successful EA Change Management Requires Five Key Elements Richard Buchanan Change, in all its many aspects, is a critical aspect of the

More information

Governance Is an Essential Building Block for Enterprise Information Management

Governance Is an Essential Building Block for Enterprise Information Management Research Publication Date: 18 May 2006 ID Number: G00139707 Governance Is an Essential Building Block for Enterprise Information Management David Newman, Debra Logan Organizations are seeking new ways

More information

User Survey Analysis: Usage Plans for SaaS Application Software, France, Germany and the U.K., 2009

User Survey Analysis: Usage Plans for SaaS Application Software, France, Germany and the U.K., 2009 Dataquest Publication Date: 23 February 2009 ID Number: G00165376 User Survey Analysis: Usage Plans for SaaS Application Software, France, Germany and the U.K., 2009 Chris Pang Gartner surveyed nearly

More information

Dutch University's Successful Enterprise System Implementation Yields Valuable Lessons

Dutch University's Successful Enterprise System Implementation Yields Valuable Lessons Industry Research G00232987 Dutch University's Successful Enterprise System Implementation Yields Valuable Lessons Published: 28 March 2012 Analyst(s): Ron Bonig When Vrije Universiteit in Amsterdam implemented

More information

How Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits

How Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits Research Publication Date: 13 June 2008 ID Number: G00158605 How Eneco's Enterprisewide BI and Performance Management Initiative Delivered Significant Business Benefits Nigel Rayner Eneco was faced with

More information

Cloud E-Mail Decision-Making Criteria for Educational Organizations

Cloud E-Mail Decision-Making Criteria for Educational Organizations Research Publication Date: 10 June 2011 ID Number: G00213675 Cloud E-Mail Decision-Making Criteria for Educational Organizations Matthew W. Cain Educational organizations sometimes struggle to choose between

More information

XBRL Will Enhance Corporate Disclosure and Corporate Performance Management

XBRL Will Enhance Corporate Disclosure and Corporate Performance Management Research Publication Date: 23 April 2008 ID Number: G00156910 XBRL Will Enhance Corporate Disclosure and Corporate Performance Management Nigel Rayner, Neil Chandler Extensible Business Reporting Language

More information

Gartner Defines Enterprise Information Architecture

Gartner Defines Enterprise Information Architecture Research Publication Date: 20 February 2008 ID Number: G00154071 Gartner Defines Enterprise Information Architecture David Newman, Nicholas Gall, Anne Lapkin As organizations look for new ways to exploit

More information

Enterprise Asset Management Migration Requires Detailed Planning

Enterprise Asset Management Migration Requires Detailed Planning Research Publication Date: 2 September 2005 ID Number: G00130205 Enterprise Asset Management Migration Requires Detailed Planning Kristian Steenstrup Neglecting to address key areas when migrating to packaged

More information

For cloud services to deliver their promised value, they must be underpinned by effective and efficient processes.

For cloud services to deliver their promised value, they must be underpinned by effective and efficient processes. Research Publication Date: 15 October 2010 ID Number: G00208009 ITIL 'in the Cloud' George Spafford, Ed Holub The cloud-computing delivery model is generating a lot of interest from organizations wishing

More information

Cost-Cutting IT: Should You Cut Back Your Disaster Recovery Exercise Spending?

Cost-Cutting IT: Should You Cut Back Your Disaster Recovery Exercise Spending? Industry Research Publication Date: 11 February 2009 ID Number: G00164764 Cost-Cutting IT: Should You Cut Back Your Disaster Recovery Exercise Spending? Jeff Vining Government CIOs are under increasing

More information

Q&A: The Impact of XBRL on Corporate Performance Management

Q&A: The Impact of XBRL on Corporate Performance Management Research Publication Date: 27 May 2008 ID Number: G00158184 Q&A: The Impact of XBRL on Corporate Performance Management Nigel Rayner Extensible Business Reporting Language is an XML-based standard that

More information

The Limits of Certification and Guarantees in Buying Electronic Health Records in the U.S.

The Limits of Certification and Guarantees in Buying Electronic Health Records in the U.S. Industry Research Publication Date: 3 February 2010 ID Number: G00174011 The Limits of Certification and Guarantees in Buying Electronic Health Records in the U.S. Wes Rishel It is important not to rely

More information

The What, Why and When of Cloud Computing

The What, Why and When of Cloud Computing Research Publication Date: 4 June 2009 ID Number: G00168582 The What, Why and When of Cloud Computing David Mitchell Smith, Daryl C. Plummer, David W. Cearley Cloud computing continues to gain visibility.

More information

The Identity and Access Management Market Landscape

The Identity and Access Management Market Landscape Research Publication Date: 7 November 2003 ID Number: COM-21-4534 The Identity and Access Management Market Landscape Roberta J Witty Integrating identity and access management components into an overall

More information

Eight Critical Forces Shape Enterprise Data Center Strategies

Eight Critical Forces Shape Enterprise Data Center Strategies Research Publication Date: 8 February 2007 ID Number: G00144650 Eight Critical Forces Shape Enterprise Data Center Strategies Rakesh Kumar Through 2017, infrastructure and operations managers, architects

More information

The Next Generation of Functionality for Marketing Resource Management

The Next Generation of Functionality for Marketing Resource Management G00212759 The Next Generation of Functionality for Marketing Resource Management Published: 11 May 2011 Analyst(s): Kimberly Collins This research defines the next generation of marketing resource management

More information

IT Cost Savings With Information Governance

IT Cost Savings With Information Governance G00232238 IT Cost Savings With Information Governance Published: 17 April 2012 Analyst(s): Debra Logan By systematically eliminating redundant information, Cisco has retired multiple legacy systems, eliminated

More information

Best Practices for Confirming Software Inventories in Software Asset Management

Best Practices for Confirming Software Inventories in Software Asset Management Research Publication Date: 24 August 2009 ID Number: G00167067 Best Practices for Confirming Software Inventories in Software Asset Management Peter Wesche, Jane B. Disbrow This research discusses the

More information

Roundup of Business Intelligence and Information Management Research, 1Q08

Roundup of Business Intelligence and Information Management Research, 1Q08 Gartner for IT Leaders Publication Date: 2 May 2008 ID Number: G00157226 Roundup of Business Intelligence and Information Management Research, 1Q08 Bill Hostmann This document provides a roundup of our

More information

The Six Triggers for Using Data Center Infrastructure Management Tools

The Six Triggers for Using Data Center Infrastructure Management Tools G00230904 The Six Triggers for Using Data Center Infrastructure Management Tools Published: 29 February 2012 Analyst(s): Rakesh Kumar This research outlines the six main triggers for users to start using

More information

Recognize the Importance of Digital Marketing

Recognize the Importance of Digital Marketing Recognize the Importance of Digital Marketing Laura McLellan, Lead Author Laura McLellan, Laura McLellan serves CMOs and other marketing executives, sharing how digital strategies are being integrated

More information

Business Intelligence Platform Usage and Quality Dynamics, 2008

Business Intelligence Platform Usage and Quality Dynamics, 2008 Research Publication Date: 2 July 2008 ID Number: G00159043 Business Intelligence Platform Usage and Quality Dynamics, 2008 James Richardson This report gives results from a survey of attendees at Gartner's

More information

Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost

Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost G00238815 Modify Your Storage Backup Plan to Improve Data Management and Reduce Cost Published: 4 October 2012 Analyst(s): Dave Russell IT leaders and storage managers must rethink their backup procedures

More information

IT Architecture Is Not Enterprise Architecture

IT Architecture Is Not Enterprise Architecture Research Publication Date: 17 November 2010 ID Number: G00206910 IT Architecture Is Not Enterprise Architecture Bruce Robertson Many enterprise architecture (EA) teams and their stakeholders still use

More information

Understanding Vulnerability Management Life Cycle Functions

Understanding Vulnerability Management Life Cycle Functions Research Publication Date: 24 January 2011 ID Number: G00210104 Understanding Vulnerability Management Life Cycle Functions Mark Nicolett We provide guidance on the elements of an effective vulnerability

More information

Predicts 2008: The Market for Servers and Operating Systems Continues to Evolve

Predicts 2008: The Market for Servers and Operating Systems Continues to Evolve Research Publication Date: 6 December 2007 ID Number: G00152575 Predicts 2008: The Market for Servers and Operating Systems Continues to Evolve John Enck, Philip Dawson, George J. Weiss, Rakesh Kumar,

More information

Document the IT Service Portfolio Before Creating the IT Service Catalog

Document the IT Service Portfolio Before Creating the IT Service Catalog Research Publication Date: 8 January 2009 ID Number: G00163200 Document the IT Service Portfolio Before Creating the IT Service Catalog Debra Curtis, Kris Brittain IT service portfolios and IT service

More information

Agenda for Supply Chain Strategy and Enablers, 2012

Agenda for Supply Chain Strategy and Enablers, 2012 G00230659 Agenda for Supply Chain Strategy and Enablers, 2012 Published: 23 February 2012 Analyst(s): Michael Dominy, Dana Stiffler When supply chain executives establish the right strategies and enabling

More information

Best Practices for Planning Windows 7 Deployment

Best Practices for Planning Windows 7 Deployment Research Publication Date: 4 March 2010 ID Number: G00174371 Best Practices for Planning Windows 7 Deployment Michael A. Silver Successful migrations to Windows 7 will meet user expectations, are done

More information

The IT Service Desk Market Is Ready for SaaS

The IT Service Desk Market Is Ready for SaaS Research Publication Date: 17 April 2009 ID Number: G00166526 The IT Service Desk Market Is Ready for SaaS David M. Coyle The IT service desk market is well-positioned to use the software-as-a-service

More information

Research. Mastering Master Data Management

Research. Mastering Master Data Management Research Publication Date: 25 January 2006 ID Number: G00136958 Mastering Master Data Management Andrew White, David Newman, Debra Logan, John Radcliffe Despite vendor claims, master data management has

More information

Backup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity

Backup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity Research Publication Date: 11 August 2011 ID Number: G00215300 Backup and Disaster Recovery Modernization Is No Longer a Luxury, but a Business Necessity John P Morency, Donna Scott, Dave Russell For the

More information

Critical Privacy Questions to Ask an HCM/CRM SaaS Provider

Critical Privacy Questions to Ask an HCM/CRM SaaS Provider Research Publication Date: 31 July 2009 ID Number: G00168488 Critical Privacy Questions to Ask an HCM/CRM SaaS Provider Carsten Casper, Thomas Otter, Arabella Hallawell The vast majority (probably greater

More information

ERP, SCM and CRM: Suites Define the Packaged Application Market

ERP, SCM and CRM: Suites Define the Packaged Application Market Research Publication Date: 25 July 2008 ID Number: G00158827 ERP, SCM and CRM: Suites Define the Packaged Application Market Yvonne Genovese, Jeff Woods, James Holincheck, Nigel Rayner, Michael Maoz Users

More information

GARTNER EXP CIO TOOLKIT: THE FIRST 100 DAYS. Executive Summary

GARTNER EXP CIO TOOLKIT: THE FIRST 100 DAYS. Executive Summary GARTNER EXP CIO TOOLKIT: THE FIRST 100 DAYS Executive Summary Gartner EXP is an exclusive, membership-based organization of more than 3,000 CIOs and senior IT leaders worldwide. Members benefits from the

More information

Microsoft and Google Jostle Over Cloud-Based E-Mail and Collaboration

Microsoft and Google Jostle Over Cloud-Based E-Mail and Collaboration Research Publication Date: 24 March 2008 ID Number: G00156216 Microsoft and Google Jostle Over Cloud-Based E-Mail and Collaboration Tom Austin Both Google and Microsoft come up short in terms of delivering

More information

Gartner's Business Intelligence and Performance Management Framework

Gartner's Business Intelligence and Performance Management Framework Research Publication Date: 9 October 2006 ID Number: G00142827 Gartner's Business Intelligence and Performance Management Framework Bill Hostmann, Nigel Rayner, Ted Friedman The use of business intelligence

More information

Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in

Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Research Publication Date: 15 March 2011 ID Number: G00210952 Clients That Don't Segment Their Network Infrastructure Will Have Higher Costs and Increased Vendor Lock-in Tim Zimmerman Enterprises must

More information

Microsoft's Cloud Vision Reaches for the Stars but Is Grounded in Reality

Microsoft's Cloud Vision Reaches for the Stars but Is Grounded in Reality Research Publication Date: 4 November 2008 ID Number: G00162793 Microsoft's Cloud Vision Reaches for the Stars but Is Grounded in Reality David Mitchell Smith, Neil MacDonald At Professional Developers

More information

Global Talent Management Isn't Just Global

Global Talent Management Isn't Just Global Research Publication Date: 22 July 2008 ID Number: G00159366 Global Talent Management Isn't Just Global Thomas Otter Global talent management projects must take into account local compliance issues or

More information

BEA Customers Should Seek Contractual Protections Before Acquisition by Oracle

BEA Customers Should Seek Contractual Protections Before Acquisition by Oracle Research Publication Date: 15 February 2008 ID Number: G00155026 BEA Customers Should Seek Contractual Protections Before Acquisition by Oracle Peter Wesche, Jane B. Disbrow Oracle has announced an agreement

More information

Iron Mountain's acquisition of Mimosa Systems addresses concerns from prospective customers who had questions about Mimosa's long-term viability.

Iron Mountain's acquisition of Mimosa Systems addresses concerns from prospective customers who had questions about Mimosa's long-term viability. Research Publication Date: 22 March 2010 ID Number: G00175194 Iron Mountain Acquires Mimosa Systems Sheila Childs, Kenneth Chin, Adam W. Couture Iron Mountain offers a portfolio of solutions for cloud-based

More information