From Gustav Mahler to Identity & Access Governance

Posted on by Steve Tout in Architecture Guidance


I love classical music and I love a Gustav Mahler symphony even more. Symphonies, to the uninitiated ear, can sound a lot more like noise than music. To the music lover, a symphony is an expression of art in the highest form, a source a great pleasure and beauty to behold.

One of my favorite composers of all time, Gustav Mahler, has been a source of inspiration to me since I was introduced to his work (and in particular his 5th symphony) by the Pastorinos of Glenn, CA (Ellen is the former music teacher at Willows High School) in 1994 and that has fueled an interest in all kinds of classical and symphonic music. Ever since, it has been a rich source of inspiration with interesting parallels to the career I landed in a few years later.

Symphonic thinking

Broken off into groups of players such as horns, winds, basses, trombones, cellos, and such, a symphony is a complex arrangement of instruments, harmonies, acoustics and emotional content. The resulting work in the hands of a director such as Gustav Mahler are his earth shattering 5th Symphony or 8th Symphony “Symphony of a Thousand” which takes an impressive amount of vocal talent to pull off. In the Vintage Guide to Classical Music, Jan Swafford describes the impact of his work on the music world:

After Mahler, there was little choice for composers but to cut back in scope and size.

His life’s work culminated in his competitors deciding there was no point trying to make the symphony any bigger sounding than Mahler. His work brings to close the big symphony of the 19th century and opens the door to the smaller, more intimate quartets and soloists of the 20th century.

From Symphonies To Systems

Shawn Hunter, in his excellent book Out Think, draws the connection between the symphony and the complex networks of today:

Symphonic thinkers see the big picture; they look at the whole system and take their information from a variety of sources. They take a multidimensional approach to solving problems, seeing connections, and finding effective solutions.

The Internet, the connected devices and the amount of trust we place in them every single day has grown to such a profound proportion that there is no shortage of valuable targets for hackers and identity thieves to go after and compromise in order to gain attention, information, power or money. As much effort as businesses and individuals put into protecting themselves and stakeholder, customer and employee information, there continues to be daily revelations about new compromises, hacks, thefts and the like that undermines the trust in the network, compromises personal information, leads to public companies stock prices losing value, forces companies out of business and in some cases endangering citizens.

The systems for Identity & Access Governance are no less complex. They have risen in importance and complexity out of necessity from the digitization of our lives and of interconnected business. Once the taste of e-commerce, social media and networked devices is experienced, it is with those who partake forevermore. We can not reverse the transformations that technology and the Internet have brought upon society; the force of control, profit, efficiency and knowledge is far too great for us to ever go back without the horrific act of terrorism or cyber war.

Choose a descriptive word for complex systems as you wish: constellation, calculus, symphony, etc… to be effective, the future demands that we have much faster and far better connected systems for managing policies, users, resources and systems and that we adopt processes and disciplines that ensure we are achieving ever more towards less risk and danger than we do today. The enemy brings with it an element of surprise, so having a high degree of organization and connectedness is the price of admission. Advanced systems and tools such as SIEM, honey pots, big data, access re-certifications process, adaptive and multi-factor authentication schemes, automated on-boarding and off-boarding, and what Forrester calls “Zero Trust Identity” are increasingly critical parts of the enterprise Identity & Access Governance framework.

Whether you like symphonies or not, they suggest more humanity, irrationality, unpredictability and passion on the same emotional scale that hackers use to try and compromise your network than any of the other metaphors do. I don’t think its any coincidence that Beethoven’s 5th symphony was the soundtrack in the scene in White House Down where Skip, a black hat hacker, had taken complete control over the military defense system. argumentum ad absurdum, perhaps. Don’t wait for your network, applications or information to be compromised to take it seriously.

„Meine Zeit wird kommen“

Translated from German, one of the most quoted phrases we have from the life and work of Gustav Mahler is “My time is yet to come.” The future is serious. The cost of playing offense with effective Identity & Access Governance is almost always worth more than doing nothing. There is nothing of value to be gained if an organization will not make it a focus and find its strategic place in corporate priorities. Gustav Mahler’s time might in fact still come if your organization continues aggressively building its own Symphony of a Thousand Tongues. The careless ones, the slackers, the tired ones, and just maybe those who have their heads too far in the cloud might very well end up with something more like a Symphony of Sorrowful Songs if the program is not embraced with a greater sense of accountability, focus and optimism.

Thanks, and all the best to you and your IAM program in 2014! As always, your comments and questions are welcomed in the comment section of this post.

Subscribe to Forteadvisory group news