How To

How to Make a Business Case for Identity Management

Sure, a good identity management program is great for security and oftentimes necessary for regulatory compliance--but there are productivity and efficiency benefits as well. Kate Walsh IDs five tips for finding and articulating the business case for IDM.

By Katherine Walsh

April 03, 2008CSO

Over the past couple years, identity management technologies, including provisioning, web access management and directory services, have been joined by an emerging set of technologies that involve role management, identity audit and governance, and entitlement management. These technologies can play a key role in meeting both business requirements related to auditing and reporting, and security requirements regarding user access to sensitive applications and information.

But there are other business benefits as well, including improved performance and productivity for employees, more efficient provisioning for system administrators, decreased help desk costs and improved compliance. If you're just getting started on an identity management project, or even if you're well on your way, here are some tips on how to make a business case for identity management.

1. Decide What IDM Means to You

IDM's complexity lies in the fact that it means different things to different people, says Bryan Palma, vice president of global information security at EDS and former CISO of PepsiCo. One of the first things you should do is decide what it means to your organization. "In some circles [like the government], IDM means credentials, hard physical access and authentication," Palma says. In that case, "IDM is more about HSPD-12 than a back-office approach of how to manage users." (Learn more from our in-depth article about HSPD-12, the federal government's smart-card project.)

Vendors are integrating many of these technologies. Palma says that as a general rule, a companies offer an integrated system with the three core components (directory, provisioning and web access, which will be used to manage user provisioning, on-boarding and off-boarding), and also, possibly, for a physical component, such as credentialing. "The challenge there is the people who are more interested in the credentialing authentication piece aren't pursuing the back-office identity, and vice versa," Palma says.

Ultimately the choice comes down to where people want to invest their money. "The government is more concerned with access, so they tend to be less focused on how they can run something efficiently on the backend," Palma says. "But the directory, provisioning, web access piece is a business and productivity issue."

2. Articulate the Business Performance and Productivity Benefits of IDM

To hear Palma tell it, IDM is the rare case where where security is not at all something that gets in people's way. "There are few places where security can actually make a case around productivity and performance," Palma says, "and impact to the end user and identity is one of them"." That's why 'Palma tells his clients to focus on this area--because business productivity is something people can "get their hands around easily." (To learn more about the benefits of embarking on an identity management project with business partners, see our in-depth coverage of federated identity management.)

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

Digital Identity Protection and Data Security Get Personal

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

Solving Online Credit Fraud Using Device Reputation

Secure your virtual and physical environments with the same software

Any company can promise identity protection. Only Debix can prove it

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

How Are Open Source Development Communities Embracing Security Best Practices?

Using Likewise to Comply with PCI Data Security Standard

Enabling Compliance with Converged Mainframe Security and Storage

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Understanding Data Location is Imperative for Data Loss Prevention

5 Steps to Secure Outsourced Application Development

Welcome to the age of Service-Oriented Security (SOS)

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

Efficient - Flexible - Compliant

Simplify your data center with Juniper Networks. View the webcast

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Envision Identity-Based Access Control for the Datacenter

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously