In Depth

Identity Management in the Real World

What's identity management? Ask 20 vendors, get 20 answers. But CSOs aren't waiting for a universal definition; they're busy tackling whatever projects meet their business needs.

By Deborah Radcliff

November 01, 2004CSOBellSouth's call center employees often need to access several applications to answer a single customer service call. Each time they have to type in a new passwordor retype the same passwordit makes the call take a little longer. And in call centers, where manpower is the biggest expense, time wasted means money lost. BellSouth's answer to this problem is an identity management project that allows the call center reps to access the company's most commonly used applications with a single log-in.

BellSouth's project might not fit the information technology industry's definition of true identity managementwhich would include not only single sign-on, but also strong authentication (proof-of-user identities) and rule- or role-based provisioning (automatically providing access to the right applications and data)but the industry definition misses the point.

This is identity management in the real world, where CSOs live and work.

Companies ask two critical questions of their employees and business partners: Who are you? And what resources do you need to do your job? Simple questions, yes. But when you've got hundreds or thousands of employees, customers, databases, systems and physical plants, the answers become exponentially more complex. Identity management aims to simplify and automate those answers. In fact, the early hype claimed that identity management would solve those problems completely. Early adopters, though, found that trying for the whole enchilada typically resulted in severe indigestion, as they wrestled to implement systems, cobbling together directory tools, biometric systems, single sign-on applications, workflow software and a host of other technologies.

Today's CSOs have scaled back their expectations and are happier for it. Ask a dozen companies to describe their identity management projects (for this article, we did), and you'll get as many different answersfrom reduced sign-on at BellSouth to provisioning-focused work at Halliburton to smart card-based network and facility access at Boeing.

"A lot of people use the term identity management loosely," says John Lyons, Boeing's manager of identity systems and services. "I think it's academic. Identity management is a matter of what your particular business model is." Lyons certainly has hit on the heart of the matter. In some cases, narrow identity management solutions will scale up to greater ambitions. In others, the scope may remain small. CSOs at both extremes report with great pleasure that identity management pays off in very concrete ways when the scope and details are determined by the needs of the business.Cutting Password ClutterAt most sizable companies, passwords are like potato chips: Bet you don't have just one.

RESOURCE CENTER
Loading...
WEBCAST
Gartner Video: Best Practices for Web Application Security and Compliance

Cenzic Faced with the growing threat of hacker attacks, how do you protect your data and your corporate reputation while increasing revenue?

» View this Webcast

WHITE PAPER
Email Continuity: Don't Know What You've Got Till it's Gone

MessageLabs Today, more email is being sent and attachment sizes are becoming larger. This means that security, archiving, and continuity systems must be able to scale easily. Learn to manage your email better…

» View this White Paper

Featured Sponsors