Identity Management Is Too Distributed For Comfort

Top Priority
The ability to track temporary or contract employees who have access to sensitive or confidential data is the top reason companies in the Ponemon study implement identity and access management systems. Respondents also say they want to track the activities of privileged users, such as system and database admins, to detect and prevent the disclosure of confidential or private data. Another reason to centralize identity and access management is to cut down on the number of names and passwords that users need to access different applications.

Rohm & Haas, a maker of specialty polymers and other compounds, found that its employees on average have 15 different user names and passwords to access the systems they need to do their jobs. This has contributed to the more than 14,000 password-related help-desk calls last year. "This in reality actually reduces security because users write these things down," says Scott Megill, enterprise architect and program manager.

Rohm & Haas turned to IBM's Tivoli Access Manager, which helps the network pass along users' credentials to a VPN, Lotus Notes, numerous homegrown apps, and more than 70 others hosted by service providers and software companies. Megill hopes by mid-March to have a simplified sign-on approach pushed out to all 17,000 users.

Rohm & Haas is centralizing identity and access management using Microsoft Identity Integration Server as the base-level piping for its identity management system. MIIS brings data together from applications and directories to create the most complete record of information about end users. MIIS adds, changes, and removes accounts based on process rules built into Microsoft's BizTalk Server.

Provisioning requests are handled by BizTalk in conjunction with SharePoint and Microsoft Office InfoPath. They marry a user's request to the type of access needed, Megill says. "If I hire a new sales guy, that should mean something to our IT systems," he says. Rohm & Haas is integrating applications with its identity management system using a service-oriented architecture of Web services connectors based on SOAP and XML protocols.

It's no accident that Rohm & Haas is leaning heavily on its existing Microsoft infrastructure. "If it isn't successful, we will have failed fast and failed cheap," he adds. With the state of identity management such as it is today, any improvement will likely be perceived as a success, providing a defense in the struggle to protect the confidential information about products and employees.