April 11, 2007

What Precisely is Identity Management?


“The human experience of IDENTITY has two elements: a sense of belonging and a sense of being separate.” - Salvador Minuchin, 1974

Identity management technology is ideally suited to automating processes that enable Sarbanes-Oxley compliance. It specifically addresses security processes associated with establishing “adequate internal controls” around financial reporting, as required by SOx section 404(a). By mapping these processes, as well as internal security policies, to automated identity management, enterprises can leverage highly efficient and cost-effective technology frameworks for improving security and ensuring compliance. In addition, the right identity management solution can bring about greater operational efficiencies in general, and provide a significant return on investment for the enterprise.

Drivers for Identity Management
• Organizational Efficiency. Enable transactions and person-to-person communication.
• Competitive Advantage. Capturing new or larger shares of markets and enhancing company position against competitors.
• Security. Enable authorized access and prevent unauthorized access to information and services.
• Speed of Reaction to Change. Mergers, reorganizations, departmental moves.
• Fraud Prevention. Hard to quantify, but can clearly provide major savings.
• Consistent Treatment of the Individual. “End-to-end” management of employees, “single view of the customer,” “joined-up government.”
• Integrated Information Infrastructure. Enable move away from “information silos” and “IT-processing chimneys.”

Real-world examples:
An Indian office of a top US company paid salary continuously for six months after an employee left the organization.

In one of my previous organizations, the email id of my colleague who left the company existed for almost eight months after he left.

Similarly, in every organization, the current approaches to user/identity management are crude and fail to provide complete security. One-time provisioning and one-time deprovisioning of identities, with complete auditing of every account created or deleted, is a better solution to these problems. This is nothing but Identity Management.
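
The two examples above are both orphaned accounts: access that stayed enabled after its owner left. The following added example (not part of the original post) reconciles an HR feed against account exports and returns audit findings. The names `HR_FEED`, `ACCOUNTS` and `reconcile` are hypothetical and all sample records are constructed.

```python
from datetime import date

# Constructed sample data (not from the post). HR is treated as the
# authoritative source; ACCOUNTS is an export from each target system.
HR_FEED = {
    "e1001": {"status": "active", "left_on": None},
    "e1002": {"status": "terminated", "left_on": date(2006, 8, 1)},
    "e1003": {"status": "terminated", "left_on": date(2007, 3, 20)},
}
ACCOUNTS = [
    {"system": "mail", "login": "arao", "owner": "e1001", "enabled": True},
    {"system": "mail", "login": "bsingh", "owner": "e1002", "enabled": True},
    {"system": "payroll", "login": "bsingh", "owner": "e1002", "enabled": True},
    {"system": "mail", "login": "cmehta", "owner": "e1003", "enabled": False},
    {"system": "mail", "login": "tmpadmin", "owner": None, "enabled": True},
]


def reconcile(hr_feed, accounts, today):
    """Return audit findings for enabled accounts that lack an active owner."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned, nothing to report
        person = hr_feed.get(acct["owner"])
        if person is None:
            reason, stale = "unowned", None  # no HR record is accountable
        elif person["status"] == "terminated":
            reason, stale = "owner_terminated", (today - person["left_on"]).days
        else:
            continue  # active owner, account is legitimate
        findings.append({"system": acct["system"], "login": acct["login"],
                         "reason": reason, "days_stale": stale})
    # Longest-exposed accounts first; unowned accounts (no date) last.
    return sorted(findings,
                  key=lambda f: (f["days_stale"] is None, -(f["days_stale"] or 0)))


if __name__ == "__main__":
    for finding in reconcile(HR_FEED, ACCOUNTS, today=date(2007, 4, 11)):
        print(finding)
```

Running the same reconciliation on a schedule, and keeping each run's findings, gives the audit trail for deprovisioning that the paragraph above calls for.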

This domain is mainly composed of the following technologies/domains:

1. LDAP/Databases
2. Identity Management
3. Access Management
4. Federation

Product Companies:
The top company for IdM, not to boast but as a matter of fact, is Sun Microsystems. To see the players in the IdM market and their positioning, try to google for "Gartner's Magic quadrant for User Provisioning".

I shall try to provide some slides in the near future on the same topics. Meanwhile, enthusiasts are requested to use the most powerful knowledge tool - GOOGLE.

8 comments:

  1. The topic of the “10 most important people” in the identity space came up the other day, and it got me to thinking. Accordingly, I put together my list:

    1. Jamie Lewis, CEO, Burton Group: Jamie is always at the top of his game; staying on top of identity trends. In addition, he and Craig Burton wrote the original whitepaper outlining the concept of a “meta-directory” - which essentially gave birth to the identity industry.

    2. Kim Cameron, Architect for Identity, Microsoft: Besides building a meta-directory that Microsoft bought (now Active Directory), Kim started the “Laws of Identity” conversation that has resulted in InfoCards in Vista, and multiple conversations around “user-centric” identity.

    3. Sara Gates, VP of Identity, Sun Microsystems: I’m pinpointing Sara, but this is really aimed at the entire Waveset team (which was acquired by Sun). That acquisition (and the people that came with it) was a turning point in Sun’s identity management business.

    4. Michael Barrett, ex-President of The Liberty Alliance: Michael shepherded Liberty through its early years and represents all of that early, hard work that came out of Liberty and directly contributed to SAML2.0 - which became a point of convergence that accelerated all federated identity initiatives.

    5. OASIS, standards body: Alright, so it’s not really a person, but when a standard comes out of OASIS (be it WS-Security or SAML) it gets traction, and identity would not be where it is today without them.

    6. Mike Beach, Boeing: Mike was one of the earliest adopters of SAML, but that’s not why Mike is on this list. Mike is here to represent all of the engineers working inside of the enterprise that slave away day after day trying to make all of this identity “stuff” work.

    7. Regulators and Legislators: Again, not a single person, but a group of people. Whether it’s the FFIEC (with their guidance for online authentication in a banking or brokerage context), or Congress (with the requirements of SOX and GLB), these folks drive identity technology forward, even if unknowingly.

    8. The “little guys”: By “little guys,” I mean all of the smaller companies and developers that are out there innovating in one way or another. This list is long (and this is not inclusive): Sxip, Johannes Ernst, A10, Identity Engines, Trusted Network Technologies, Applied Identity, InfoExpress, Prodigen… it goes on and on.

    9. The Kid in Nebraska: He’s probably 17 or 18, and he doesn’t know it yet, but he’s going to come up with the identity *application* that the entire world adopts.

    10. The Readers of Digital ID World: Okay, this is as much a “thank you” as anything. We’ve been doing this since 2002, and without our readers (vendors, enterprises and individuals) we wouldn’t know anything.

    That’s my Top 10 Most Important People in Identity. So tell me, who did I miss?

  2. Nice post on IDM for a layman like me... always wondered what's the difference between SSO and IDM!

    By the look of it, SSO is a subset of IDM??

    I love the Gartner docs!! Wasn't aware there was one for IDM too.

    Thanks a lot for the insight!!

    Hope we have a Post-2 with further insights into IDM.

  3. I think IdM is made up of two key parts. First is the provisioning part. This is the automation of processes to provision users, applications, and systems to gain or remove access to applications and systems. This part also includes self-help processes like password management and user information update. The second part is identity governance, which is about meeting some internal policy or meeting some government-imposed laws or policies. I believe there are three main reasons that someone wants to build an identity management solution.
    1. Increase revenue through providing a method for customers to register and manage an account. E-commerce is a good example, for example Amazon, eBay, etc.
    2. To automate processes, streamline processes, and reduce operational costs. I believe that many IdM opportunities start as this. This would include internal self-help pages for password management, user information updates, automated provisioning from authoritative sources like an HR system, and the ability to request and remove access to applications and systems.
    3. Identity governance to provide some "proof" of access to meet some regulations.

  5. In my opinion, identity management at its core is about two key things and possibly one sub area.
    i. It is about the provisioning and deprovisioning of users, applications, and systems into a user store for access to applications and systems.
    ii. It is about identity governance. This part of identity management can be focused on internal regulations and/or policies and provides some "proof of compliance" about meeting some government-imposed policy, regulation, or law.
    sub area: I do believe that credentialing is part of provisioning a user's identity, which would include biometric, smart card management, PKI management, or user name and password management. It would include any technology used to identify a user via electronic means.

    From a business point of view, I believe there are three core reasons that an identity management solution gets purchased.
    i. First is to provide a mechanism to register (provision) users to grow a customer base. Examples of this might be Amazon or eBay. They use a self-registration process that provides a method for customers to sign up and have an identity that can purchase products. This could also be an administrator-led registration of partners or other users in an e-commerce relationship.
    ii. Second is the automation and/or streamlining of provisioning and deprovisioning processes to reduce costs. This would include self-help for password management, information updates, and requests for access to applications and systems. This also includes the automation of provisioning from authoritative sources like an HR system.
    iii. Lastly, it is about governance: the ability for someone to "prove" that policies, regulations, or laws about access to systems are met or have been broken.
    I believe that the mechanisms around access to applications and systems are Access Management, which is a different discipline. And once combined with Identity Management it is IAM vs. IdM.
    I look forward to your comments on the subject.

