IT should hold vendors accountable for identity applications.
It's been 50 years since General Electric became the first corporation to use computers to process its payroll. Since then, many enterprise applications have sprung up. Resource planning applications appeared more than 30 years ago, and HR and CRM software have become prevalent more recently. The result is that data, often rich in personal identity information, is fragmented in silos across many organizations.
Many CIOs and CTOs seek a way to manage this data in a unified way. One answer is identity management technology. Identity management provides a horizontal view of data linked to personal identities, thus increasing IT professionals' ability to manage the data and users' access to it. How should you implement an identity management solution? Here are some tips.
First, know what information the enterprise has about a person. Typically, this is permission information, such as rights and rules about accessing data, and profile information, such as a user's home address and health records. Then you can determine the appropriate permissions to assign to that person for access to appropriate systems and applications in the enterprise.
Second, know the data flow. Enterprises must consider all the possible ways that data about individuals enters the company, how it is used, where it might go (internally and externally) and who can change that information. Once those processes are documented, they can be automated using identity management. Identity management gives the enterprise control over documented workflow and the granting of access rights, which is critical to meeting laws such as the Sarbanes-Oxley Act.
Third, information security is essential. To deploy and use identity management effectively, an enterprise must have solid security to protect all types of information from loss, alteration or inadvertent disclosure. Without such security, it's impossible to deploy an effective identity management solution successfully.
Fourth, select solutions that support or endorse relevant standards. Service Provisioning Markup Language and Liberty and Security Assertion Markup Language will help save your investment across vendors' technologies. Pure custom code is expensive; crisp, portable solutions will provide excellent ROI and interoperability.
Fifth, make vendors prove claims. They should be able to describe what the tool does and how it fits into the organization employing it. Ask them for a business architecture (a description of the set of business processes) that explains how their identity management solution works. Ask vendors how their identity management solution will use your information security program to ensure identity data safety. Ask them to explain why identity management is needed for a valid privacy program. Then compare their answers with your enterprise's needs.
Bill Malik is chief technology officer of Identity Management at Sun Microsystems Inc. Free Spectrum is a forum for the IT community. Send submissions to email@example.com.
With more than 30 years of experience as a respected industry analyst, consultant and speaker, Ziff Davis Contributing Editor Bill Malik brings perspective and insight matched by few in the industry today.
As President and Founder of Malik Consulting, Bill focuses on the use and benefits that well-designed IT organizations, architectures, technology selection, and operations can bring – and how to achieve and sustain that plateau of productivity and security.
Bill has been in IT for over thirty-three years. He began as a COBOL programmer at an insurance company in Boston in 1974, went into systems programming in 1976, and joined IBM in Poughkeepsie NY in 1978. While there, he held key roles in development, testing, business planning, and strategic planning for IBM's high end operating systems. In 1990 he joined Gartner where he started and led the Information Security Strategies service and managed the Applications Integration and Middleware service, and participated in long range futurology.
Following a stint with KPMG LLP's Information Risk Management area, Bill became CTO of Waveset, a start-up in Identity Management. Waveset was acquired by Sun at the end of 2003, and Mr. Malik became Sun's Director of Security Marketing. He has written extensively on data center best practices, systems management, information security, identity management, privacy, and the long range future.