Skip to main content

Creative Destruction: The Case for Identity & Access Management

April 22, 2013

Sixty years ago, Austrian economist Joseph Schumpeter adapted some of Karl Marx’s analysis of capitalistic systems and developed the so-called ‘Creative Destruction’ theory. The gist of the theory is that creativity is the force that gives birth to an innovation, whereas innovation destroys the existing disposition of power; companies possessing technological, organizational, or regulatory innovation outperform their competitors.  Innovation leads to competitive advantage and monopoly power in the short run. However, in the long run the propensity for creative destruction promotes constant search for advancement, profit maximization (at the micro/company level) and economic growth (at the macro/national level). 

The power of innovative advantage can be illustrated using the following comparison: in the industrial economies (before 1950s for western markets) distribution fell into the 80:20 ratio, where 80% of market wealth was accrued by 20% of companies in the market. However, in some branches of the post-industrial economies this ratio can go to 95:5 and even to 99:1 (companies like Amazon, eBay or Facebook can be referenced here). Competitive advantages that led to such ratios vary, but they all are based on the IT-related innovations, whether it is a Web-based business model of the dot-com decade or API-related indirect communication channels of today’s ‘app economy.’ 

So, what does the Identity and Access Management (IAM) space have to do with the Creative Destruction concept?  The answer is two-fold:

  1. On one hand, the IAM space by its own nature dealt – and continues to deal – with a huge number of big, breakthrough concepts and technologies. This started with the adoption of LDAP (Lightweight Directory Access Protocol) in the mid-1990s, followed by directory virtualization, and, finally with today’s buzz concepts of federation, cloud computing, and social networking. This has found its way in a fact that modern IAM / Identity and Access Governance (IAG) solutions which are based on the aforementioned innovative and best-of-breed technologies can handle complex tasks such as advanced self-service password management, cross domain single sign-on or on-the-fly provisioning to the cloud.  However, this is only the first part of the answer.
  2. Unfortunately, there exists no universal IAM / IAG solution that will directly increase your innovative advantage and boost you into that 80:20-ratio category solely on its own (or the 1% bracket especially). Nor will a single piece of technology make you a leader in your vertical. IAM’s functions, however, are not limited to IT security only and this is another aspect why IAM is important. At a conceptual (and very general) level, most enterprises fall into the model pictured below that portrays several functional layers:
    • Layer 1:  The external layer is where customers meet products and services.
    • Layer 2:  The processes layer is where numerous business processes (revenue, procurement, HR on/off-boarding and review processes, reporting, etc.) that support the external layer reside.
    • Layer 3:  Finally, this is the layer that hosts IT architecture, platforms and applications that enables the smooth functioning of the two upper layers.

IAM’s role in this three-layer system can be multi-facetted: it can be considered as one of the business processes within layer 2, part of the layer 3 security architecture or (as the graphic illustrates), IAM can build its span integration ties between all three layers. This integration view is probably the most accurate as both products/services quality (layer 1) and business processes execution (layer 2) rely heavily on the IT level (layer 3) necessitating application and platform availability. It is where IAM processes step in and—through stronger security, enhanced compliance and more efficient administration—ensures better integrity of the enterprise ecosystem outlined below.

Figure – Functional enterprise layers and IAM

IAM Figure


However, the introduction of something like a new, innovative service introduced within layer 1 or new application / platform adopted in layer 3 can often not achieve the expected business result r return on investment. This is not necessarily because the innovation is “bad,” but simply because employees do not get appropriate and timely access to the new, innovative service or application.. This is precisely where a properly developed and implemented IAM solution / process plays critical role in creating improved business efficiency, better system integration, and eventually a higher ROI. In this sense, IAM is truly an enabler of not only successfully adopting new technology and services, but also an important tool in recognizing the maximum value of those investments.

Finally, as business process innovations (layer 2) start to be perceived as  important as product innovation, efficient IAM that uses synergies of underlying technologies will promote increased agility.  This recognition is helping enterprises adjust to dynamic business models and support changing corporate goals. Adaption of the IAMaaS (IAM as a service) that we are witnessing today is a perfect example of business process innovation which is based on the destruction of a traditional on-premises IAM model that became possible because of cloud technologies creation.  

The greatest thing about any good theory is that it holds true over time (and is applicable in heterogeneous environments/verticals). If Schumpeter’s analysis is applied to today’s IAM realities, it becomes obvious that it remains more than relevant as well as provides practical implications. As stated above, there is no ‘one-size-fits-all’ enterprise IAM solution, but sound IAM processes that strategically leverage the advantages of cutting-edge technologies can play a key role in your business’ competitive advantage. In the end, well-grounded IAM strategy based on proven philosophical and analytical approaches will contribute to your company’s ability to position your organization more competitively in the market.

Related Blogs

October 25, 2013

How Francis Bacon - the 17th Century Philosopher - Can Help Develop Your InfoSec Business Case

You might be surprised to learn that lots of today’s process improvement techniques (Six Sigma, Lean, and TPS) have elements rooted all the way back i...

See Details

November 20, 2013

Navigating Compliance Controls in the IAM Space

We previously covered developing the business case for IAM and briefly touched on the role of ROI analysis for investment justification. While calcula...

See Details

November 29, 2017

Five Steps to Ensuring a Successful Identity and Access Management Solution Deployment

After endless cost-benefit meetings, business case rewrites and months of organizational readiness activities, your identity and access management (IA...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

April 23, 2014

INFOGRAPHIC: Making Sense of IAM

Let’s face it, developing an Identity & Access Management (IAM) program can be a complex undertaking that must be tailored to each organization’s uniq...

See Details

July 25, 2017

Identity and Access Management Program Primer

Learn how to create an identity and access management maturity roadmap tailored for your organization.

See Details

May 17, 2017

Identity and Access Management Strategy Workshop

Learn how Optiv can help you align Identity and Access Management initiatives with business goals and best practices.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.