Home » Identity & Access » Identity Management

Identity Management in the Real World

What's identity management? Ask 20 vendors, get 20 answers. But CSOs aren't waiting for a universal definition; they're busy tackling whatever projects meet their business needs.

Future phases will involve rolling out entitlement servers in Asia and Europe to improve response times to new provisioning requests. Early next year, several other applications should be provisioned into the infrastructure, and applications will continue to be provisioned during scheduled upgrades and new application development.

"People access our SAP HR data round the clock to make changes like adding and removing employees. Our system pushes out those changes and distributes them automatically six times a day," Johnson says. "Prior to that, all those changesroughly 2,000 a daywere done manually. Even at one minute per change, you're talking 2,000 minutes. That's equal to three people doing this full time."

Furthermore, each application provisioned is one less place the administrator has to manually look for accounts to deprovision, says Phebe Waterfield, security analyst with The Yankee Group. "Deprovisioning is a real bee in my bonnet," says Waterfield, formerly a systems engineer for a financial firm. "It would take one to four hours to deprovision a single user. And even then, you never knew if you got all of them." Reducing RiskReducing sign-on is clearly a security benefit because with one strong password or just a few passwords, users are less likely to put those passwords in jeopardy by writing them down or storing them in a file on their hard drives. But it also creates a single point of entry into all the systems allocated to that password, which could pose an added risk.

That's why BellSouth's Shivanandan is currently evaluating biometrics as an extra layer of authentication in her enterprise.

St. Luke's Episcopal Hospital in Houston coupled smart cards with reduced sign-on in 2001. With workstations sprinkled throughout the hallways, the hospital's 922 doctors were spending too much time reauthenticating on each computer as they did their rounds, says Curtis Burkhart, lead system analyst on the Physician Information System Management Team.

Working with BNX's Authenticated Single Sign-On, the hospital integrated the doctors' user profiles into a single database and granted them access to five of the busiest hospital applications with a single sign-on using the smart cards to authenticate. Doctors must still log on and off of every computer as they proceed along the hallways. But the process of swiping the card through a keyboard reader and entering a self-selected PIN has trimmed five seconds off the original user name and password process. And they need to do it only once for the five most used applications.