The Human Touch

By Cameron Sturdevant  |  Posted 2003-03-03 Print this article Print

The Human Touch

Despite impressive progress in the identity management field, it remains hampered by long-standing bugaboos.

First, there is still a tremendous amount of human touch that is required to set up and maintain these systems. Second, while some products come close to recognizing all applications access methods (Passlogix Inc.s v-GO SSO, for example), most enterprise users will encounter at least one application that requires significant custom coding to work with the identity management system.

Once users are logged in, a host of tricky problems remain. And the severity of these problems will depend in large part on an organizations industry.

In an interview with eWEEK, Nelson Ramos, vice president and regional CIO of Sutter Health, in Modesto, Calif., and an eWEEK Corporate Partner, pointed out that many medical applications automatically time out after a short period of inactivity. "Once the user is logged in, we still need some way to signal activity—maybe caching a mouse movement and replaying it every couple of minutes to keep the application session active," said Ramos.

Medical settings, in fact, may put identity management to its most difficult test. At the end of the day, most other industries are not dealing with life-and-death decisions. In a hospital, if a doctor needs lab results but cannot remember his or her password to gain access to the system, the results can be catastrophic.

A health care setting also presents big challenges to the common user name/password method of authentication as well as to more rigorous methods that use multiple factors to confirm identity, such as biometrics or physical tokens. Relying on a thumbprint, for example, is difficult at best in an environment where most employees wear gloves. Badges and other tokens take a beating when they need to be used in sterile environments. Furthermore, radiology departments often have special requirements that restrict either metal or magnetic devices.

Health care organizations may present some of the biggest challenges to identity management, but every organization has its hurdles. In any business, for example, where personnel commonly share workstations and move around inside buildings, authentication methods must move with employees and cannot be tied to a single computer. IT managers need to consider these kinds of business requirements when planning an identity management system.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel