Identity Management Critical for Organizational Success

Corporate execs shouldn't overlook the importance of identity management systems, the CEO of Oblix warned during a keynote address for the Ziff Davis Media Enterprise Solutions Virtual Tradeshow.

Implementing a comprehensive identity management system is critical for success in the enterprise—a fact many corporate executives havent yet grasped, according to the chief executive of identity management provider Oblix Inc.

Considering identity management as a critical organizational component is key to competitive advantage today, said Gordon Eubanks, Oblix CEO and president, in his keynote address at the Ziff Davis Media Enterprise Solutions Virtual Tradeshow on Wednesday. Oracle Corp. earlier this week announced plans to buy Oblix.

/zimages/6/28571.gifClick here to read more about the Oblix acquisition.

Developing an identity management infrastructure both for people and technology is the only way to successfully manage the heterogeneous, distributed, siloed architecture that makes up a typical organization today, he said.

The goal, he said, is to create a critical service in identity that can be applied across silos such that the business gets the benefit of having better control, visibility and security while continuing to drive competitive advantage.

"We can no longer build a moat or wall around our organization and hide behind it. The idea of perimeter defense doesnt meet business needs," he said. "We have the situation where people are accessing information from outside as well as inside the organization, and being able to uniformly manage that is the heart of what identity management brings to the organization."

To attack the problem, Eubanks advised creating a critical service where identities, as well as the policies that apply to identities, can be managed, and then controlling access and auditing of access in a uniform manner across the organization.

"Identity management is about managing each and every one of the unique identities, the rights these identities have, and the privileges associated with enterprise users in a centralized and policy-driven manner," he said. These efforts usually include single sign-on, password management, user provisioning, and user, group and organizational management, he said.

Among the benefits of this approach, he said, are meeting the compliance challenges of such regulations as the Sarbanes-Oxley Act of 2002, the Health Insurance Portability and Accountability Act, and others; streamlining operations with partners and external customers; seamlessly linking applications; and driving down costs by reducing help desk calls via self-service and sharing administrative costs with partners.

/zimages/6/28571.gifClick here to read about how Childrens Hospital Boston deployed an identity management system to handle password resets and account provisioning.

One significant advantage organizations will get from implementing an identity management solution is that security policies can be applied uniformly across applications.

"You dont get into a situation where every application owner is deciding what they need to do to set up security," he said. "The appropriate people can set up the security policies that apply, and you can audit this efficiently and see when the policies are being adhered to. And if somebody needs to be removed or added to the system, it can be done quickly and efficiently."

Once an organization has successfully applied identity management to internal and external employees and business partners, the next objective is extending it to applications, devices and equipment, as well as across the network.

"We see our customers wanting to know how to tie in their network infrastructures to their identity system and how to apply devices on the network into their system," he said. Eubanks predicted that this is the next frontier for identity management.

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.