Identity management and the associated identity servers and protocols are becoming increasingly important components of corporate information-security strategies. But to look at identity purely as a means for authentication (and subsequently, authorization) is to miss the greater point: identity is the link between the business process and the people implementing the business process.
Some companies today have developed their CRM systems to a level that gives them unprecedented insight into the habits and needs of their customers. What is surprising is that many of the same companies probably have much less insight into their own employees. While outward-facing Web sites and customer touch-points are highly personalized, intranets and help desks are lagging.
If I call my phone company and ask for customer service, they will likely know when I last called, what I wanted and how much money I spent with them recently. If I call my corporate help desk, shouldn’t they know who I am, what my level of technical competence is and what problems I have recently faced?
The lack of consolidated and comprehensive identity systems is the cause of this disconnect between a company’s business processes and the people who make up the company. If you only see identity management as a means of locking down corporate information, then you are missing the potential to use identity to align the business and IT strategies of a company. Here are some examples of the benefits of delivering identity as a service, through a “layer” of systems and protocols:
* Help desk systems rarely track patterns across users. In fact, most help desk systems are “problem-centric” rather than user-centric. With a comprehensive identity layer, help desk systems can track historical patterns and help identify the best way to help a user, taking into consideration past experiences, level of skill, role, urgency, etc.
* Corporate intranets use identity mostly as an authorization mechanism. With collaboration tools and a broad identity layer, corporate intranet sites can deliver highly customized (and more relevant) information to each user.
* Identity information can improve security decisions, especially for security incident response. If you look at security as a user-centric activity, you can enhance your security posture and response by using identity to track behaviors and habits. If a user is online from home at 3 a.m., that could be a potential security issue. Armed with knowledge of your users’ usage patterns, you might determine that it is not a threat: some people are more productive at night.
* Finally, identity plays a very important role in collaboration applications. In instant messaging, for example, presence is currently implemented quite crudely, as a binary (on/off) value. But if you combine presence with personalized policies based on user identity, you can create a more fluid collaboration environment.
Identity is a pillar of security systems, especially as the perimeter becomes more porous and as enterprises extend their applications to clients, partners and suppliers. But identity systems go much further, especially if implemented as a comprehensive and ubiquitous layer of standards and open protocols. Identity is the glue that connects applications and business processes to the individuals who make up an organization. Shouldn’t your employees get IT services as personalized as your customers do?