• United States

Directory projects worth the pain

Mar 10, 20033 mins

Survey of large users says systems provide ID management, security platform.

Corporate directory projects can easily top $4 million and are rife with peril, but companies that successfully deploy the technology have the ability to unify user identities and build new security services, according to a new report.

Corporate directory projects easily can top $4 million and are rife with peril, but companies that successfully deploy the technology can unify user identities and build new security services, according to a new report.

Creating, maintaining and using digital identities, known as identity management, is such a critical issue that it is sparking conversations right up to the highest levels in organizations, says Gerry Gebel, an analyst with Burton Group and author of the report, titled Directory Strategy Survey: Organizations Share Their Real-Life Experiences

“To begin building federated identity services, single sign-on, and attribute sharing between partners and different security domains, you need to get a directory established that is an authoritative source of data,” Gebel says.

But that’s not easy. The survey, which details the trials and tribulations of nearly a dozen directory projects at large, unnamed global companies, found that the average directory project cost between $2 million and $4 million last year. Those figures included software, hardware, staffing and professional services. The projects lasted from 12 to 18 months.

And that may be the easy part. Like any large project, building a directory requires approval across an organization. The survey found that successful directory projects began with building a strong business case, lining up supporters within the organization and establishing a directory governance model that stays in place from implementation through operation of the directory. Also important was developing a set of guiding principles and detailed documentation.

“With the directory, we find a lot of people don’t get it,” says Gebel, who wanted to show what others have done to create awareness of how successful directory projects are run.

The survey participants built directory services that provide a central user identification repository that integrates with applications and serves as a platform for general-purpose security services, such as authentication and authorization. Most had implemented metadirectory services to link multitiered directories.

From there, most users planned to add features such as self-service capabilities, provisioning and password synchronization.

But getting to that point presents many challenges.

“Who owns data and who is responsible for data can become a nasty business to sort out,” says Gebel, adding that creating a business case and documenting ROI are other challenges.

“You can build the business case on identity management but that doesn’t make your project a fait accompli,” he says.

The survey found that most projects benefited from governance teams that developed standards, content rules and data usage guidelines.

“A directory gives you a foundation and the ability to move quickly as your business changes,” Gebel says. “But it’s not about the directory, it is about managing data.”

Lessons learned

A recent Burton Group survey of large corporate users who successfully had completed a directory project highlighted a number of lessons the companies learned.
The most difficult issues will be political in nature.
Many data owners resist allowing data to be stored in the directory; multiple parties may declare ownership of an attribute; or no owner will accept responsibility for an attribute.
Data quality before the implementation is probably worse than anticipated.
Virtual project teams can virtually disappear when priorities change in other organizations and business units.
Targeting the easy wins or “low-hanging fruit” demonstrates success early in a project.