Home » Identity & Access » Identity Management

Identity Management in the Real World

What's identity management? Ask 20 vendors, get 20 answers. But CSOs aren't waiting for a universal definition; they're busy tackling whatever projects meet their business needs.

Boeing, for example, is not making its decisions based on any unified vision of identity management. Quite the contrary, says Lyons. With the company's product and intellectual property critical to national security, it's making its decisions based on primary business drivers, which are compliance-related in nature and inherently risk-averse. It can't afford the risk (despite potential cost-savings) of, say, using the same type of Web-based application for its Department of Defense clients as it does for its airline customers (see "Flying Duo," Page 40). So Boeing uses a separate, proprietary access system and segmented network for agencies connecting in from the DoD. And so, too, will the employee-contractor identity system always stand alone.

Says Lyons, "You need to manage the identities, logically separate how you do authentication, then extend that to make specific resource decisions."

With more than 100 flavors of identity management systems on the market today, Lyons' attitude makes perfect sense. Tailoring the organization to security just won't work. It's the security that must fit into the existing organization if it's to be done right. And given the unique drivers of businesses, it's no wonder identity management infrastructures are as different as snowflakes.