Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

Can't we all just get along?

Misunderstandings in identity management
Security: Identity Management Alert By Dave Kearns , Network World , 08/13/2007
Kearns
Sign up for this newsletter now!

Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.

  • Share/Email
  • Tweet This
  • Comment
  • Print

Can’t the auditors and the techies just be friends? Last week’s Network World story by my friend Ellen Messmer got picked up by many publications around the world which ran it under various different headlines, including this one by the U.K.’s TechWorld: “Auditors blame IT for botched identity management.” The original headline was “Survey: Half of compliance pros say their organizations botching identity, access control”, which is bad enough, but at least in that headline it wasn’t just the IT department taking the blame – it was the whole enterprise.

The survey, of audit and compliance professionals within enterprises, was conducted by the well-respected Ponemon Institute, and sponsored by SailPoint, an emerging leader in the field of governance, risk management and compliance. The report neatly complements a study done last spring which asked similar questions of IT personnel (see “User survey highlights difficulty of implementing regulatory compliance”).

When Good Applications Go Bad : View now

Well, maybe “complements” is the wrong word – but the new study does reinforce what I saw as the main points of last spring’s survey: “Fragmented data, inappropriate tools, fragmented responsibility, lack of expertise leading to low priority for implementation – a classic recipe for disaster.” The IT people thought the audit people didn’t understand technology, now we learn that the audit people don’t think the IT folks understand compliance. Oh, and both groups do agree that the business people don’t understand either!

You should download a copy of the survey report and read the whole thing for yourself. But it does indicate to me that there’s some very fertile ground for vendors such as SailPoint (and Aveksa, and Securent and a bunch of others) to act as mediators, conciliators, go-betweens and arbitrators for the various parties within the enterprise that need to at least appear to cooperate when it comes to the extremely important area of compliance management.

Related Content

Upcoming Events:

* The 1st International Conference on LDAP, Sept. 6-7, Cologne, Germany.

* The DataSharing Summit, Sept. 7-8, Richmond, Calif. (I’ll be at this one.)

* The Security Standard, Sept. 10-11, Chicago, Ill.

Check the upcoming events calendar at the Journal of Identity Management and let me know of any I’ve overlooked.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed