Identity Management's Day Has Come - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // IT Strategy
11:42 AM
Art Wittmann
Art Wittmann
Connect Directly

Identity Management's Day Has Come

For years identity management has been like the weather, IT pros might talk about it, but they've never done anything about it. That's finally changing.

In an age where SaaS is assumed to be part and parcel of IT services, and users are coming into the network on a variety of devices and from different locations, identity management has finally become a sharp enough pain point to get the attention of IT planners. At least that seems to be the feeling at the Interop New York conference happening this week.

Wednesday's three keynote presenters, including the CIO of New York city, a top cloud evangelist for Microsoft, and Cisco's mobility chief all included at least some discussion of identity management in their presentations.

It's not hard to see why. IT pros are users too, and they're no better at remembering dozens of user names and passwords than anyone else. If for some reason they don't feel it personally, a simple glance at the top helpdesk issues in almost any organization will bring the problem into focus.

But the job of actually fixing the problem has historically been problematic. Fixes have been both expensive and less than universal. That's not exactly a formula that places the technology at the top of IT's list of things to do.

Microsoft's answer has always been that the world should revolve around Active Directory. That's now changed, at least from the point of view of Microsoft's cloud chief. In demos at the Interop show, Microsoft showed how Facebook authentication (and its peers) could be used with applications developed in Azure. That may not sound very appealing to IT types, but that Microsoft is open enough to work with third party authentication sends a strong message about what it'll take for SaaS vendors to flourish in the enterprise.

IT pros now routinely understand the importance of extending identity management outside of their own organization. In our recent survey , less than a quarter of IT pros said they they wouldn't extend identity management's reach outside of the company, but of those, slightly more than 50% said that they didn't see a reason for it. It's the rare business that isn't either using SaaS apps, or letting external users access some resources, or that doesn't want to access resources of partners. Chances are very good that there's a good reason to extend identity management past just the company.

[ Check out InformationWeek's in-depth research report on enterprise identity management.]

Cisco, for its part talked about the need for user, device, and location authentication. With typical users running around with laptops, smart phones, and now tablets, it's not hard to image sets of policies that depend upon who you are, where you are, and what sort of device you're using.

I'm not completely convinced that Cisco should be the engine for creating those policies, or for enforcing them--at least not in whole, but the network should be the conduit for collecting the user's particulars and presenting credentials for authentication.

For IT teams, the bottom line is that if you haven't got an identity management scheme in place--one that supports single sign-on for both internal and cloud-based apps--now is the time to figure it out.

Since this policy will affect end users, and the selection of items including SaaS applications, corporate execs and line of business managers need to be brought into the policy discussion. If the app doesn't meet your authentication requirements, then you need to pass on it--no matter how cool it is--and your business-side colleagues need to understand that.

Telling them about an identity management policy only when you're about to prevent their use of a chosen SaaS app won't win you any friends.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/10/2011 | 5:44:39 PM
re: Identity Management's Day Has Come
I agree with the previous comment. What do people think about identity management in the cloud (identity management as a service)? Anyone pursuing that?
Brian Prince, InformationWeek contributor
User Rank: Apprentice
10/9/2011 | 4:05:49 PM
re: Identity Management's Day Has Come
Identity management solutions are no longer a consideration for just large businesses with an increase in data breaches hitting the headlines it is imperative businesses consider IDM solution as part of their overall information security plans.

IDM solutions have moved quickly and thankfully there are now a vast array of solutions available to help businesses of all sizes.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll