In Depth
The Truth About Federated Identity Management
When it comes to setting up federated identity management, the security benefits (and potential drawbacks) are not what you might expect
By Sarah D. Scalet
"We called them back right on the sales floor where they were making the pitch and said, We can do it,'" recalls Burma. So the pressure to deliver on that promise was great indeed.
He likens the intense process that followed to redirecting traffic while the highway is open. Rather than asking for a user name and password, the pension administration program now checks a central identity store—RSA's Federated Identity Manager—to find out who a user is and what he needs access to. "Five years ago, if you would have told me I could trust this [system] enough to show people their Social Security number and the name of their spouse and their pension benefits, I would have laughed you out of the room," Burma says.
It's difficult, if not impossible, to measure the cost savings of reducing one sign-on. However, it's clearly of great value to gain a new customer because of an IT function that you can provide. And going forward, those who've drunk the federation punch believe there's more ROI to come, with a little thing known as stickiness—that is, getting people to order more cookies and conference rooms, because it's easier.
Says Erickson of the business advantages of Aramark's single sign-on setup: "We're in business to make it as easy as possible for people to spend money with us."
When it comes to security, there may be a payoff for federated identity management, and there may not. "Federation is mostly about A, convenience, and B, business enablement," Gartner's Wagner says. "The bump in security is not huge in comparison with the business benefit. We just want to make sure it's as secure as our systems were before."
As for the business case? Maybe that's for someone else to decide anyway.
"The businesses are going to be the ones that ultimately shoulder the cost of doing federated identity," says Brixius, who is in the process of making sure that McGraw-Hill has a solid internal identity management system in place in anticipation of doing federation in the future. "There'll be a lot of decisions based on reducing risk, being able to streamline the processes, creating the value proposition for our customers. I believe there is going to be an ROI. The businesses will come up with that. They'll be the driving force, and we'll be in a position where we'll be able to implement that—whether it's outgoing or incoming—to support the business needs." n
Other stories by Sarah D. Scalet
federated identity management
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- WagerWorks Takes Fraudsters Out of the Game Using iovation
- Implementing Best Practices for Web 2.0 Security
- Credit Issuers: Stop Application Fraud at the Source with Device Reputation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
