Home » Identity & Access » Identity Management

In Depth

An Introduction to Identity Management

Providing IT managers with tools and technologies for controlling user access to critical information within an organization.

By John K Waters

Page 2

And besides, the government says you have to care about identity management. In 2005, ID heists at ChoicePoint, Bank of America and LexusNexis lit a veritable bonfire under U.S. congressional behinds, and lawmakers began making moves to put the onus for safeguarding customer info squarely on the shoulders of the enterprise. Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAAeach holds the company, in various ways, responsible for controlling access to customer and employee information.

How can an identity management system benefit my business?

Implementing identity management systems and associated best practices in your organization can give you a real competitive advantage in a number of ways. Nowadays, most businesses want and need to provide users outside the immediate organization with access to their internal systems. Opening your network's doors to customers, partners, suppliers, contractors and, of course, employees can increase efficiencies and lower costs. ID management systems can allow a company to extend access to its information systems without compromising security. Controlled identity and access management actually has the potential to provide greater access to outsiders, which can drive productivity, satisfaction and, ultimately, revenue.

One of the biggest cost savings touted by vendors and analysts alike comes from what might seem at first a trivial consideration: automation of password resets. Yet, depending on whose numbers you believe, somewhere around half of all help-desk calls are for password resets. ID management systems allow administrators to automate these and other time-consuming and costly tasks.

An ID management system can become a cornerstone of a secure network, because managing user identity is an essential piece of the access-control picture. An ID management system all but requires companies to define their access policies, specifically outlining who has access to what. That's a fundamental part of what a digital ID is. Consequently, well-managed IDs mean more control of user access, which translates into a reduced risk of internal and external attacks.

An ID management system can also improve regulatory compliance by providing an organization with the tools to implement comprehensive security, audit and access policies. Many systems now provide features designed to ensure that an organization is in compliance.

How do identity management systems work?

A typical ID management system today comprises four basic elements: a directory of the personal data the system uses to define individual users (think of it as an ID repository); a set of tools for adding, modifying and deleting that data (the access lifecycle management stuff); a system that regulates user access (enforcement of security policies and access privileges); and an auditing and reporting system (so you'll have a way to verify what's actually been happening on your system).