Strategic CIO // IT Strategy
Commentary
10/6/2011
11:42 AM
Art Wittmann
Art Wittmann
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Identity Management's Day Has Come

For years identity management has been like the weather, IT pros might talk about it, but they've never done anything about it. That's finally changing.

In an age where SaaS is assumed to be part and parcel of IT services, and users are coming into the network on a variety of devices and from different locations, identity management has finally become a sharp enough pain point to get the attention of IT planners. At least that seems to be the feeling at the Interop New York conference happening this week.

Wednesday's three keynote presenters, including the CIO of New York city, a top cloud evangelist for Microsoft, and Cisco's mobility chief all included at least some discussion of identity management in their presentations.

It's not hard to see why. IT pros are users too, and they're no better at remembering dozens of user names and passwords than anyone else. If for some reason they don't feel it personally, a simple glance at the top helpdesk issues in almost any organization will bring the problem into focus.

But the job of actually fixing the problem has historically been problematic. Fixes have been both expensive and less than universal. That's not exactly a formula that places the technology at the top of IT's list of things to do.

Microsoft's answer has always been that the world should revolve around Active Directory. That's now changed, at least from the point of view of Microsoft's cloud chief. In demos at the Interop show, Microsoft showed how Facebook authentication (and its peers) could be used with applications developed in Azure. That may not sound very appealing to IT types, but that Microsoft is open enough to work with third party authentication sends a strong message about what it'll take for SaaS vendors to flourish in the enterprise.

IT pros now routinely understand the importance of extending identity management outside of their own organization. In our recent survey , less than a quarter of IT pros said they they wouldn't extend identity management's reach outside of the company, but of those, slightly more than 50% said that they didn't see a reason for it. It's the rare business that isn't either using SaaS apps, or letting external users access some resources, or that doesn't want to access resources of partners. Chances are very good that there's a good reason to extend identity management past just the company.

[ Check out InformationWeek's in-depth research report on enterprise identity management.]

Cisco, for its part talked about the need for user, device, and location authentication. With typical users running around with laptops, smart phones, and now tablets, it's not hard to image sets of policies that depend upon who you are, where you are, and what sort of device you're using.

I'm not completely convinced that Cisco should be the engine for creating those policies, or for enforcing them--at least not in whole, but the network should be the conduit for collecting the user's particulars and presenting credentials for authentication.

For IT teams, the bottom line is that if you haven't got an identity management scheme in place--one that supports single sign-on for both internal and cloud-based apps--now is the time to figure it out.

Since this policy will affect end users, and the selection of items including SaaS applications, corporate execs and line of business managers need to be brought into the policy discussion. If the app doesn't meet your authentication requirements, then you need to pass on it--no matter how cool it is--and your business-side colleagues need to understand that.

Telling them about an identity management policy only when you're about to prevent their use of a chosen SaaS app won't win you any friends.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Bprince
50%
50%
Bprince,
User Rank: Apprentice
10/10/2011 | 5:44:39 PM
re: Identity Management's Day Has Come
I agree with the previous comment. What do people think about identity management in the cloud (identity management as a service)? Anyone pursuing that?
Brian Prince, InformationWeek contributor
trippledes
50%
50%
trippledes,
User Rank: Apprentice
10/9/2011 | 4:05:49 PM
re: Identity Management's Day Has Come
Identity management solutions are no longer a consideration for just large businesses with an increase in data breaches hitting the headlines it is imperative businesses consider IDM solution as part of their overall information security plans.

IDM solutions have moved quickly and thankfully there are now a vast array of solutions available to help businesses of all sizes.
Transformative CIOs Organize for Success
Transformative CIOs Organize for Success
Trying to meet today’s business technology needs with yesterday’s IT organizational structure is like driving a Model T at the Indy 500. Time for a reset.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Tech Digest Oct. 27, 2014
To meet obligations -- and avoid accusations of cover-up and incompetence -- federal agencies must get serious about digitizing records.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of October 26, 2014 and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.