The Need For Identity Management - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

02:09 PM

The Need For Identity Management

Businesses are building systems to manage access to applications and data. Just how much risk is there?

Trust is a risky proposition in the business world. If a valued partner tells you John Smith is a trusted employee and authorized to do business with you, how much will you trust Mr. Smith? Can he look at confidential customer lists? Check inventory levels in your warehouse? Order millions of dollars of products? Change the technical specs of an engine design or a drug under development?

Those are issues confronted every day by business-technology managers in charge of developing identity-management and access-control systems. Those systems, if implemented properly, promise to improve security, boost worker productivity, cut costs, and reduce the "integration friction" usually connected with giving employees, business partners, customers, and suppliers access to internal systems. However, businesses without strict identity-management procedures risk having attackers use old employee passwords to gain illegal access to applications and information, or they could run afoul of government data-privacy regulations.

ID-management vendors such as BMC Software, Computer Associates, IBM Tivoli, Netegrity, Novell, Oblix, and RSA Security have promised for years that their software would deliver those benefits. However, there are few industrywide standards and most applications are proprietary. This forces companies to install a hodgepodge of software and devote a great deal of time to getting the apps to work together--even before making them work among businesses.

Michael Barrett, VP of Internet systems at American Express Co.

Simplified access can improve employee productivity, American Express VP Barrett says.

Photo by Jon Gipe
It can take as long as nine months for two companies to integrate separate ID-management apps well enough to allow employee authentication and authorization across company borders, says Michael Barrett, VP of Internet systems at American Express Co. That's why most businesses are focused on improving their internal ID-management controls to make it easier to identify and authenticate employees and customers seeking to access internal information.

But an increasing number have more ambitious goals: tightly integrating ID-management systems with those of partners and suppliers. Those ambitions will help fuel a growing market for identity-management products. Worldwide sales of identity-management software are expected to grow from around $2 billion in 2002 to more than $3 billion in 2007, the Yankee Group research firm predicts.

Costs for identity- and access-management systems range from $5 to more than $25 per user, depending on features, research firm Gartner says. A company with 10,000 employees that automates provisioning for 12 applications can save about $3.5 million over three years and see a 295% return on investment. The savings largely come from slashing time spent managing user access by 14,000 hours annually and cutting help-desk hours by 6,600 annually, according to Gartner.

Identifying Sales GrowthThe management of electronic identities includes the software and procedures needed to know with certainty the identity of a user, company, device, or application seeking access to systems, networks, and applications, and to manage their access rights. In addition to the basic user name and password required by most systems, some require a smart card, token, or other device to help users prove they are who they claim to be.

The long-term objective is clear: Build a series of interconnected systems so an employee logged on to his company's intranet can access a business partner's systems and have those systems automatically trust the employee's digital credentials. The way to do this is through standards.

But at the moment, there may be too many security specifications and standards. There's the Security Assertion Markup Language, an XML-based framework for exchanging security information. The Liberty Alliance, a consortium of more than 150 companies developing an open ID-management standard, is developing a security spec that extends SAML. IBM, Microsoft, and VeriSign also are pushing their own security specifications. Unfortunately, most of those standards don't speak directly to each other.

Search the InformationWeek Media Network for more stories about this topic:

Until there's a single ID-management standard, businesses are making do with the tools available today. "There are a lot of companies doing what we're doing," says American Express' Barrett. "They're kicking the tires and deploying it in an internal way." American Express is working on an ID-management initiative designed to deliver its business credit-card and travel services directly to the customers' intranets. "We're getting pressure from our corporate clients to be able to use our services in such a way that they can link [them] into their identity-management systems without having to create and manage a separate user name and password for each service," Barrett says.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 4
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll