How to Unify Identities to Reduce Identity and Access Management Challenges

By Jackson Shaw  |  Posted 2009-04-28 Print this article Print

Organizations struggle with complex, heterogeneous environments that require users to have multiple identities for accessing the applications they need. As these identities grow, they require an increased level of control and visibility, presenting IT with identity and access management challenges in efficiency, security and compliance. Knowledge Center contributor Jackson Shaw explains how a "get to one" strategy that automates identity administration, consolidates directories, and utilizes the organization's existing infrastructure and directory can minimize these identity and access management challenges.

Today's complex, heterogeneous enterprises contain multifaceted and diverse information systems. The proliferation of the personal computer and the networking of those computers have caused the number and types of systems that are accessed, as well as the number of employees who must be granted access, to grow exponentially.

An enterprise may use any combination of Windows, Unix, Linux, Macintosh or legacy systems-each running a variety of applications and creating significant inefficiency because users must remember different passwords and take the time to access each one separately.

System security demands that authentication, authorization and administration be controlled for every identity of every user in the enterprise. This creates the majority of identity and access management challenges. In a complex, heterogeneous enterprise, the IT staff spends countless hours provisioning, de-provisioning and dealing with password management and other issues for each of these user identities.

These same factors impact the organization's ability to maintain information security as required by government regulations, industry initiatives and established best practices frameworks. In fact, inconsistent password policies throughout the enterprise, non-secure authentication practices and delays in user de-provisioning-due to a mix of systems and IT teams with the authority to deactivate a user account-are the most common causes of compliance deficiencies.

Jackson Shaw is Senior Director of Product Management for Identity and Access Management at Quest Software. Jackson joined Quest as part of its acquisition of Vintela. He oversees product direction, strategy and go-to-market activities for Quest. Prior to Quest, Jackson was a key member of the identity and access management marketing team for the Windows server marketing group at Microsoft. He was responsible for product planning and marketing for Microsoft's identity and access management products, including Active Directory and Microsoft Identity Integration Server (MIIS) 2003. Jackson has been involved in directory, meta-directory and security initiatives for 20 years. He has spoken at various industry events and writes a popular identity management blog. Check it out at He can also be reached at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel