Social Web
Email
Close

Identity management tips

Eight suggestions on how to implement identity management smoothly

By Paul Desmond , Network World , 05/26/2003

Share/Email
Tweet This
Comment
Print

Gaining perspective on digital identities

Identity road map

ROI equations

Don't let the identity management tool determine how you do things. "Any product that forces you to change your business processes is not one that you want to pick," says Gartner's Roberta Witty. For example, don't pick a tool that requires a role-based infrastructure if you don't already have one.
Get senior management buy-in. Even assuming you follow tip No. 1, these tools still cause business change, so you'll want the support of senior management.
Consider unique infrastructure implementations you may have. For example, Syracuse University had to build extensions to the Business Layers product to deal with the way it implemented load balancing on its Unix servers.
Expect the implementation to take more time than you think, especially if you have to deal with issues such as data cleansing.
Budget heavily for consulting. You'll likely need some help, especially for larger implementations, and help can run two to six times the software license fees, says Witty.
Get lots of people involved. During a weeklong meeting with the vendor consultant, Syracuse's Gary McGinnis says that about 20 people cycled through the conference room, from database and system administrators to line of business representatives. By the end of the week, the university had a list of high-level issues that needed to be addressed, representing a range of perspectives.
Plan for identity management to be implemented companywide, even if it's launched with a project for limited end users, says Kirk Kness of T. Rowe Price. Go ahead and define a lofty strategy, then chip away at it a bit at a time. T. Rowe Price started in 1998 with 5,000 users on its smallest site, for institutional investors. In 2000, it had 30 applications tied in and now has 150.
Define terms. Make sure everybody knows what you mean by terms like authentication, authorization and encryption, Kness says, to avoid wasting time on misunderstandings.