Identity management tips

Eight suggestions on how to implement identity management smoothly

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Gaining perspective on digital identities Identity road map ROI equations

• Don't let the identity management tool determine how you do things. "Any product that forces you to change your business processes is not one that you want to pick," says Gartner's Roberta Witty. For example, don't pick a tool that requires a role-based infrastructure if you don't already have one.
  
• Get senior management buy-in. Even assuming you follow tip No. 1, these tools still cause business change, so you'll want the support of senior management.
  
• Consider unique infrastructure implementations you may have. For example, Syracuse University had to build extensions to the Business Layers product to deal with the way it implemented load balancing on its Unix servers.
  
• Expect the implementation to take more time than you think, especially if you have to deal with issues such as data cleansing.
  
• Budget heavily for consulting. You'll likely need some help, especially for larger implementations, and help can run two to six times the software license fees, says Witty.
  
• Get lots of people involved. During a weeklong meeting with the vendor consultant, Syracuse's Gary McGinnis says that about 20 people cycled through the conference room, from database and system administrators to line of business representatives. By the end of the week, the university had a list of high-level issues that needed to be addressed, representing a range of perspectives.
  
• Plan for identity management to be implemented companywide, even if it's launched with a project for limited end users, says Kirk Kness of T. Rowe Price. Go ahead and define a lofty strategy, then chip away at it a bit at a time. T. Rowe Price started in 1998 with 5,000 users on its smallest site, for institutional investors. In 2000, it had 30 applications tied in and now has 150.
  
• Define terms. Make sure everybody knows what you mean by terms like authentication, authorization and encryption, Kness says, to avoid wasting time on misunderstandings.

Read more about security in Network World's Security section.