The next big thing in identity management is virtual directories. And we do mean big: big potential for big returns, with big questions still remaining.
Virtual directories can significantly change the way identity information is used in midsize and large organizations and can reduce the technical and cost barriers of identity management. However, IT managers must commit to centralizing application access to authoritative data sources—no small task in todays global work force.
Virtual directories are software tools that connect to identity data in a variety of authoritative sources, including LDAP directories and databases. Virtual directories broker requests from applications that need access to this identity information. Metadirectories, in contrast, create copies of directory data, resulting in a usually costly infrastructure of replication and synchronization procedures to ensure that data is current. Virtual directories ultimately rely on the original data source for identity information.
Virtual directories also have the potential to lower licensing costs over products like metadirectories that are based primarily on synchronizing data from many sources into a central authority. However, additional features, such as data reconciliation and identity mapping among information sources, can easily drive up virtual directory costs.
Virtual directory tools act as a go-between for data repositories and applications. To the application, the virtual directory appears to be a customized directory that supplies precisely the identity information the application requires. To data repositories, the virtual directory appears as an application that asks only for information that the repository can supply.
At the end of the day, virtual directories make it possible for IT staff to implement new enterprise applications—such as human resources, CRM (customer relationship management) and e-mail—without creating a whole new user credential store to control access.
Virtual directories ability to monitor and record user access also could help businesses comply with the audit requirements embodied in regulations including HIPAA (Health Insurance Portability and Accountability Act), the Graham-Leach-Bliley Act and the Sarbanes-Oxley Act.
In fact, IT managers who decide to evaluate virtual directory technology are well advised to look at the regulatory compliance aspects of these products as a way to get executive sign-off. After the products are in place, IT staff likely will be able to drive significant identity management costs out of application implementations. For these cost savings to become reality, however, IT managers must convince other divisions in the organization that centralized identity management can work.