- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Steel manufacturer Nucor created its own intranet-based identity management system. T. Rowe Price brought identity management to customer Web sites using a Web-based access management tool. Syracuse University opted for a provisioning tool to deal with its twice-a-year onslaught of new students who need digital identities. Three user organizations with three business problems illustrate a single salient fact: More than one way exists to tackle identity management.
Identity management involves dealing with individuals in an online world. Ideally, it provides a single view of every individual across IT systems throughout the organization. Experts agree that the problem is the same whether those individuals are employees, customers or business partners. The goal is to "understand who you're working with and what they need," says Joe Duffy, global leader of PricewaterhouseCooper's (PWC) Security and Privacy Practice.
What follows is a guide to help achieve that goal. Duffy describes the process: Evaluate your business objectives and the existing directory structure, including number of applications, users, attributes, roles and rules. Next, devise an architecture and project plan to meet the objectives, choosing among technologies such as authentication, authorization, provisioning and Web access management tools. (If the problem is differentiating your "gold" customers from the rest, for example, a Web access management tool might be the right choice.) Then, determine the order to tie the various applications into the new structure, stage each application, test it and launch it. Ideally, you'll accomplish all that and be demonstrating significant ROI within a year.
This road map wasn't as straightforward when T. Rowe Price first thought about identity management in 1998, says Kirk Kness, vice president with the firm's Investment Technologies group in Baltimore. Back then, there weren't many tools to help with the problem, and those that did exist were in their nascent stages.
The business problem, however, was clear. T. Rowe Price had a number of financial tools - report generators, calculators and the like - that it wanted to provide online to its institutional investment clients. "If we made them log on five different times to do what they wanted, it wasn't going to go over well," he says.
Other companies have to delve deeper to pinpoint their identity issues, says Roberta Witty, research director for information security strategies at Gartner. Is it an external or internal security problem? Is there an administrative issue, such as too many help desk calls for password problems? Are you looking to reduce total cost of ownership (TCO) for access control? Are federal regulations forcing you to examine your security infrastructure? All these questions will help determine the kind of solution you need, Witty says.