Skip Links

How you can use identity management to decide where to invest your hard-earned cash

The economic turmoil and its relationship to IT risk management

Security Identity Management Alert By Dave Kearns, Network World
October 29, 2008 12:05 AM ET
Kearns
Sign up for this newsletter now!

The foundation for security and enterprise management

I came across an interesting posting from Kuppinger Cole's Martin Kuppinger the other day which sought to explain the recent economic turmoil in terms of identity management implementations. Or, as Martin called it: "The economic turmoil - and its relationship to IT Risk Management". Let's delve into his interesting theory a bit more.

The nub of the theory is this: “The companies that have invested in Risk Management and related technologies, down to Privileged Account Management, are not that much affected by the crisis than the ones who hesitated to invest money in [governance, risk and compliance].”

At first glance, it seems to say that by investing in IT Risk Management an organization could protect itself from a meltdown, and some vendors would try to get you to believe this, but that isn’t what Martin was trying to say.

<aside> Kuppinger actually attributes the idea to Lieberman Software’s Kevin Franks, who should know since Privileged Account Management (PAM) is a big area for his company.</aside>

The point Martin was trying to make - a point that resonated with me - is that companies that take risk management seriously in all aspects of their business will be the ones that are more receptive to risk management services and applications for their IT infrastructure.

Unfortunately, from our perspective, we can’t simply look at a list of those organizations who have purchased (or even a list of those who have installed)  PAM, Context-based Authentication, Role-based Governance and Management, or strict Entitlement Management to decide where to invest our money. There will always be those organizations who buy-in to the “latest and greatest” technology simply because it is the current buzz.

What we can say, though, is organizations that haven’t at least planned to implement risk management technologies are the ones we should be running away from when talking about where to invest our money. In simplified form, all of the recent economic woes involved someone’s inability to properly manage risk. It was an important, if very expensive, lesson. Let’s be sure we learn from it.

Read more about security in Network World's Security section.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News