The technology industry is famous for coming up with fancy labels that attempt to describe and simplify complex problems. Identity management is one of those labels starting to make the rounds.
As the growth of businesses and business processes residing on the Net rises, the need for better security becomes paramount. Access control, firewalls, provisioning, authentication—individually—sound too narrow to describe such a pervasive problem. Broader in scope, identity management (IM, not to be confused with instant messaging) should resonate with a nontechie CIO more attuned to strategic concepts than nitty-gritty technologies.
My first exposure to the term came from Oblix CEO Gordon Eubanks, who is doing a lot of IM missionary work. As former CEO of Symantec, Eubanks knows the software industry as well as anyone. So I listened.
"Take AT&T Wireless, with 15 million customers," Eubanks said. "How do you give all those people access to the business?" Todays siloed security systems, he argued, are inadequate to handle millions of users. As a result, he said, IM must be an integral part of a companys IT strategy and infrastructure.
"Companies want industrial-strength identity systems. Six months ago, you wouldnt have wanted to be standing in a doorway when you were talking about IM because the door would hit you on the way out," Eubanks said.
The best examination of IM that Ive seen can be found searching "identity management" at PricewaterhouseCoopers Web site. Heres a snapshot.
"IM is a business strategy manifested in a comprehensive and evolving solution deployment that must ultimately involve the entire enterprise. IM is convergence of technologies and business processes ... [involving] information architecture, permission and policy management, directory services, authentication, provisioning, and workflow." The PwC white paper examines each components role in IM.
IM has not hit in a big way. Searches of Microsoft.com and IBM.com yielded plenty of discussion about security, but not couched as IM. HP.com turned up a hit—a page that profiled Oblix, a business partner.
Neither Microsofts Passport service nor the Liberty Alliance Project talks about its single-sign-on service as IM, but you shouldnt expect them to. IM is more about how businesses handle this piece of security on the back end.
No doubt, IM proponents see dollar signs, and Eubanks said discussion of the topic is self-serving because Oblix stands to gain if IT buys into it. Regardless, its probably worth a look.
Is IM just a gussied-up wrapper for problems IT has long grappled with? Write to me at firstname.lastname@example.org.