Another market trying to come to grips with ID management is the government sector, where employees are also frequently coming and going, as many jobs are tied to legislative terms and workers are often lured away to private companies. Along with the same issues faced by private companies around defining roles and keeping workers productive, government employees are often forced to compress ID consolidation projects into timeframes that private companies wouldnt consider, said H. Lee Buchanan, a vice president at electronic warfare specialist EDO and former assistant secretary of the U.S. Navy."The original intent of the Department of Homeland Security was to provide more power to the individual states, but that led to a lot of different plans and no uniform standards for government ID management nationwide," said Buchanan. "Now the federal government is trying to move back to a more centralized approach, but theyre finding that its really very hard to do that; you layer on the challenges of budget and job tenure that persist in the government sector on top of these challenges, and you see what a complex problem this is." At least one expert said that while compliance regulations are driving the convergence of roles policy, password and account auditing, and user provisioning, those processes should be part of any companys security operations. Moving beyond simple password management to more specific user provisioning helps enterprises get closer to a practical enforcement model for compliance, said Roberta Witty, analyst with Stamford, Conn.-based Gartner. Businesses not directly affected by Sarbanes-Oxley or HIPAA should also take note, she said. "Nonpublic companies will be bitten eventually if they dont address ID management, as there will be more regulations to come, for trading partners and others," said Witty. "Companies need to figure out how important ID management is to their business and how it plays out in the larger picture; they need to figure out how it drives their business and what it means to their future." Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Since the dawn of the Homeland Security era after the terrorist attacks on the United States in 2001, efforts to improve ID management have moved forward, but not without problems, he said.