Audits required by the Sarbanes-Oxley Act and other federal and state regulatory mandates are driving the latest interest in identity provisioning technology. Fortunately, a variety of tools are emerging that will help IT managers tame the complexities of enterprise ID management.
Identity management tools such as Courion Corp.s Enterprise Provisioning Suite 7.2 and Trusted Network Technologies Inc.s Identity 2.0 will help ease audit compliance and aid in security and productivity in general, but only if IT managers stay focused on the people who have to live with the software and hardware added to the infrastructure.
Before evaluating such systems, IT managers must determine what is currently being done to manage identity and access to corporate data systems and then figure out what that process costs—in terms of both technology and human resources. Significant differences often exist between managerial perception and real-world experiences here, and the gap between the two must be closed before a new piece of technology is thrown into the mix.
Reporting is key to getting everyone on the same page and eventually getting widespread buy-in, but it will also help organizations prove—to both internal IT and external auditors—that identity systems are working to specification. In fact, when it comes to regulatory mandates, documentation of both access and process may be as important as securing access to confidential information. The trend in identity provisioning has taken a decided turn in a forensic direction.
So get out those ROI calculators and start figuring out how to implement an identity provisioning system that produces satisfactory audit reports. Chances are good that the same tools will also significantly reduce IT costs in the long run by streamlining the provisioning process.
Technical Director Cameron Sturdevant is at [email protected].