Identity Management: Securing Your E-Business Future

by David Senf

Mar 07, 2003

The entrenched mantra of IT spending targeted to leverage legacy investments resonates with identity management solutions. Organizations have significant investments in legacy directories, applications, and systems and therefore need to integrate this value into their projects. However, there is a clear need to reduce the complexity of disparate solutions. Integrating identities across legacy solutions preserves existing IT infrastructure and defines a path for managing relationships beyond the firewall. As customers, suppliers, partners, and employees conduct more interactions over the Web, the need for system and information consolidation becomes more critical, and identity management is a key piece of this puzzle.

The integrated management of identities facilitates the seamless interactions between individuals and machines that are essential to e-business. Securely communicating identity attributes, policies, and preferences both behind the firewall and over the Web is a multifaceted endeavor, involving IT/business process integration, regulatory restrictions, and unsettled standards. However, the CIO can deliver reduced costs of employee/contractor churn, greater customer security/privacy, and more rapid supplier/partner integration by undertaking the investment of integrating identities both within the enterprise and across the value chain. Moreover, by deploying the components of identity management, namely single sign-on (SSO), automated self-service/delegation, and account provisioning, the CIO can redeploy labor to higher-level tasks.

IDC estimates that expired user accounts may be upwards of 60 percent of all accounts in corporate systems. This leaves enterprises exposed to serious security vulnerabilities. Identity management simplifies the activation and deactivation (known as provisioning) of employee accounts, access rights policies, cards, and other privileges. Automated provisioning provides the capability to activate and deactivate a user across multiple systems from a single consolidated interface. Therefore, managing the churn of employees and contractors is less costly from both the systems and the personnel perspectives. Furthermore, the security of enterprise resources is better protected.
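The expired-account problem described above is easiest to see with a reconciliation check: compare each application's account list against the authoritative HR roster and flag accounts with no active owner. The following script is an added example, not code from the article or from IDC; the HR roster, the account lists and the status values ("active"/"terminated") are constructed for illustration, and the per-application sets stand in for whatever directories a real deployment would export.

```python
"""Reconcile application account lists against an HR roster to find accounts
that should already have been deprovisioned.

Added example; all data below is constructed, not taken from any real system."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Worker:
    user_id: str
    status: str                  # assumed HR status values: "active" or "terminated"
    end_date: Optional[date]     # last day of employment, if terminated


# Constructed HR roster: the authoritative source of who should have access.
HR_ROSTER: Dict[str, Worker] = {
    "alice": Worker("alice", "active", None),
    "bob": Worker("bob", "terminated", date(2002, 11, 30)),
    "carol": Worker("carol", "active", None),
    "dave": Worker("dave", "terminated", date(2003, 1, 15)),
}

# Constructed per-application account lists: what each system still holds.
APP_ACCOUNTS: Dict[str, Set[str]] = {
    "email": {"alice", "bob", "carol", "dave", "svc-backup"},
    "erp": {"alice", "bob", "dave"},
    "vpn": {"bob", "carol", "dave", "erin"},
}


def find_orphaned_accounts(roster, app_accounts, as_of):
    """Return {app: {user_id: reason}} for accounts with no active HR owner as of `as_of`."""
    orphans = {}
    for app, accounts in app_accounts.items():
        bad = {}
        for uid in sorted(accounts):
            worker = roster.get(uid)
            if worker is None:
                # Nobody in HR owns this account: a stale or unmanaged identity.
                bad[uid] = "no HR record"
            elif worker.status == "terminated" and (
                worker.end_date is None or worker.end_date <= as_of
            ):
                bad[uid] = f"terminated {worker.end_date}"
        if bad:
            orphans[app] = bad
    return orphans


def stale_account_ratio(app_accounts, orphans):
    """Share of all application accounts that are orphaned (the figure IDC puts at ~60%)."""
    total = sum(len(accts) for accts in app_accounts.values())
    stale = sum(len(bad) for bad in orphans.values())
    return stale / total if total else 0.0


def deprovisioning_plan(orphans):
    """Flatten findings into sorted (user, app) deactivation actions for a consolidated console."""
    return sorted((uid, app) for app, bad in orphans.items() for uid in bad)


def run_example(as_of=date(2003, 3, 7)):
    """Run the reconciliation over the constructed data; returns (orphans, ratio, plan)."""
    orphans = find_orphaned_accounts(HR_ROSTER, APP_ACCOUNTS, as_of)
    return orphans, stale_account_ratio(APP_ACCOUNTS, orphans), deprovisioning_plan(orphans)


if __name__ == "__main__":
    found, ratio, plan = run_example()
    for app, bad in found.items():
        for uid, reason in bad.items():
            print(f"{app:6} {uid:12} {reason}")
    print(f"stale accounts: {ratio:.0%} of all accounts; {len(plan)} deactivations pending")
```

On the constructed data, 8 of the 12 application accounts have no active owner, which is the kind of ratio the IDC estimate warns about; the `deprovisioning_plan` output is the work list an automated provisioning system would execute in one pass instead of an administrator visiting each system by hand.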

As employees change position, address, and other work/personal information, multiple systems will inevitably need to be updated by multiple individuals. Identity management solutions offer the ability to self-serve. Employees can update their own information through either automated or live approval. Furthermore, the change of information or access rights can be delegated to the groups within which an employee works. “Groups” are definable by characteristics such as geographic location, work/project function, and LOB (Line of Business), among other potential assignments.

Within the enterprise, there are many disparate directories across which identity attributes, policies, and preferences cannot flow. At a minimum, this lack of fluidity forces users to log in to each application or data store separately. With more usernames and more passwords to remember, there will inevitably be an increase in calls to the help desk for a memory/password refresh. Addressing this problem, one facet of identity management is to provide SSO for employees, customers, and other system users. Enabling employees, for instance, to log in just once and have access to all necessary information and functionality provides a more seamless work environment. Moreover, with a reduced list of usernames and passwords, the help desk should receive fewer calls. Additionally, identity management solutions can facilitate employee self-service for password reset, which can further diminish help desk calls.

Other dimensions of identity management worth exploring include the privacy and security concerns of consumers interacting with the enterprise. These concerns are magnified as more commerce migrates to the Web and as more personal data is collected, stored, and potentially shared without permission. In response, the legal landscape is reflecting these concerns within guidelines, policies, and laws. The United States, the European Union, and other nations, including Canada, have guidelines and legal requirements governing the treatment of user data. An identity management solution should facilitate compliance with legal responsibilities and be flexible enough to accommodate changes as legal and other requirements are amended or updated. Identity management solutions are increasingly shipping with the facility to grant and/or limit information flow within the boundaries of legal requirements.

As the deployment of identity management solutions extends throughout the enterprise, enabling fuller end-to-end interoperability, the following tangible and intangible returns emerge:

  • Reduced complexity through consolidation of identity information into a metadirectory connecting identity details from across the enterprise, including attributes, preferences, and access rights policies
  • Extended investment in current IT infrastructure while defining a path for managing relationships beyond the firewall
  • Reduced cost of employee/contractor churn through integrated workflow and provisioning of user identities
  • Reduced helpdesk costs through delegation and self service from within and outside the enterprise
  • Enhanced customer experience by enabling higher levels of personalization, privacy control, and seamless information access
  • Support for a scalable and flexible business strategy evolving toward a more open “plug and play” business/IT architecture ready for Web services deployment
  • Higher and more consistent levels of security and privacy for customers and all stakeholders interacting with enterprise systems and data

The challenges, of course, are not limited to identity management behind the firewall. In fact, the dynamic nature of partner and supplier relationships combined with disparate IT infrastructures poses a steep challenge. The widely publicized Web services standards are beginning to break down these barriers. These standards are in turn enabling, and necessitating, cross-organization identity management.

Managing identity across a federation of suppliers and/or partners is accomplished with greater ease, given a common set of standards. Moreover, higher levels of functionality can be written into the standards to support more robust relationships and privacy/security protection. WS-Security and the Liberty Alliance are designing and promoting specifications to open the interoperability of user authentication, authorization, privacy preferences, and other identity details. SAML (Security Assertion Markup Language), which is taking hold as the means of interorganization federated identity management, is incorporated into the specifications of both of these groups.
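What a relying party actually does with a federated SAML assertion is check its conditions before trusting the identity it carries: who issued it, whether it is within its validity window, and whether it was addressed to this service at all. The code below is an added example, not code from the article, WS-Security, the Liberty Alliance, or any product; the assertion is constructed, the issuer and entity-id URLs are hypothetical, and the SAML 2.0 assertion namespace is assumed for the element names. It deliberately stops short of XML signature verification, which a real service provider must also perform before any of these checks mean anything.

```python
"""Check the conditions on a SAML assertion before trusting its subject and attributes.

Added example; the assertion and the partner/service URLs below are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Assumed: SAML 2.0 assertion namespace for element lookups.
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion from a hypothetical partner identity provider.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example-1" Version="2.0" IssueInstant="2003-03-07T12:00:00Z">
  <saml:Issuer>https://idp.partner.example</saml:Issuer>
  <saml:Subject><saml:NameID>alice@partner.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2003-03-07T11:59:00Z" NotOnOrAfter="2003-03-07T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.enterprise.example</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="group">
      <saml:AttributeValue>procurement</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

TRUSTED_ISSUERS = {"https://idp.partner.example"}      # hypothetical federation partner
OUR_ENTITY_ID = "https://sp.enterprise.example"        # hypothetical service provider id


def _parse_time(value):
    """Parse the UTC timestamp format used in the constructed assertion."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuers, our_entity_id, now):
    """Return (ok, problems, subject, attributes).

    Signature verification is assumed to have happened already; this only
    evaluates Issuer, the validity window, and the audience restriction."""
    root = ET.fromstring(xml_text)
    problems = []

    issuer = root.findtext("saml:Issuer", namespaces=SAML_NS)
    if issuer not in trusted_issuers:
        problems.append(f"untrusted issuer {issuer!r}")

    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        not_before = cond.get("NotBefore")
        not_on_or_after = cond.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            problems.append("assertion not yet valid")
        if not_on_or_after and now >= _parse_time(not_on_or_after):
            problems.append("assertion expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
        if audiences and our_entity_id not in audiences:
            problems.append("audience mismatch")   # assertion was meant for another service

    subject = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]

    return (not problems, problems, subject, attributes)


def check_sample(now_iso="2003-03-07T12:01:00Z", entity_id=OUR_ENTITY_ID):
    """Validate the constructed assertion at a given instant for a given service id."""
    return validate_assertion(SAMPLE_ASSERTION, TRUSTED_ISSUERS, entity_id, _parse_time(now_iso))


if __name__ == "__main__":
    ok, problems, subject, attrs = check_sample()
    print("accepted" if ok else f"rejected: {problems}", subject, attrs)
```

Only after the assertion passes these checks (and the signature check left out here) should the subject and its `group` attribute be mapped onto local access rights; the audience check in particular is what stops an assertion issued for one partner service from being replayed against another.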

To achieve the level of integration required to manage identity across platforms, applications, and, most important, directories, solutions based on standards are critical. Moreover, an identity management solution must provide legacy adaptors to facilitate a smoother “out of the box” deployment. Furthermore, an identity management solution needs to be integrated gracefully within the workflow of the enterprise; the purpose behind managing identities is to reduce the current complexity, not add to it.

If you have any questions or would like more information, please contact Michael Hyjek at IDC at 1-888-432-2812 or