2
- Without identity management, computing environments would be
uncontrollable
- Without identity management, connected computing applications would be
unusable
- The process of creating access credentials for networked resources and
applications, and revoking them when they are no longer needed
- The mechanisms by which we maintain and keep credentials current
- The way we manage characteristics about people and access policies for
businesses, so that we can tailor the information and transaction
experience
- Centralized administration, workflow, and reporting for authentication,
access control and auditing
3
- I know who I am, what’s the problem?
- I have a userid and password that work just fine!
- Limiting access to electronic information and transactions to what is
required is specified by law for nearly every business and demanded by
customers for every other.
- Being able to tailor a user experience is a competitive advantage!! That
can only happen if you know exactly who each user of each interaction
is.
- Gartner Group estimates that every password reset or unlock costs $32,
with each user needing about 4 per year, per application.
- The CEO of your average 50,000-employee company knows this function
costs her company upwards of $32,000,000 per year.
- More than 60% of all helpdesk effort is spent on password management.
- Lots of applications, tougher password policies, and short password
lifespans all lead to a lousy end-user experience, and maybe a weaker
security posture as well.
4
- Homegrown user provisioning tools
- Process for provisioning new employee access is painful
- Numerous directories and islands of identity infrastructure
- Error-prone, with high support cost
- SSO is implemented, but users still complain they have too many IDs
- No central owner of corporate identity standards and processes
- Heterogeneous platforms with differing standards and limited
interoperability
- Terminations leave orphan access accounts
- Transfers create accumulated access
- Identity is implemented in silos for functional groups
- Security (too much privilege, probably weaker security posture)
5
- If this is such a huge problem, why haven’t they fixed it yet?
- It’s all the reasons you already know.
- Businesses get smashed together all the time
- Even though it costs an enterprise a ton of money, it is impossible to
justify the ROI of an enterprise identity management system on the back
of any one application
- Companies have thousands of systems and applications, and lots of
powerful people who run profit centers using those systems. Getting them to agree is tough.
- Those thousands of systems don’t integrate just because you ask them nicely
- Early efforts at building identity management systems can actually make
more work
- Vendors build great products and create mass confusion
9
- Use desktop migration efforts as a lever (XP Migration)
- Create a system for “globally” unique identity
- Deploy consolidated identity (credential) domains
- Tackle identity provisioning
- Build management processes
- Don’t deploy applications that have proprietary or hard-coded credential
stores
- Migrate legacy applications as they are upgraded or replaced
- Strive toward role-based access instead of user-based
10
- Decentralized identity provisioning systems
- Lack of integration with HR system
- Cooperating applications – Most legacy applications are not
- Lack of flexibility – Flexibility allows for granular compliance with
policy without creating granular security controls for each user
- Overly complicated self-registration and support
- Failing to hide technology from users; it must be hidden in most of the
solutions
11
- Identity management is a process, not an application
- Identity management must consider privilege/permission management
- The identity management solution requires:
  - Upfront planning
  - Focus first on provisioning functions
  - Choosing the proper technologies (open & secure)
  - Identity uniqueness and integration with HR
- There is no out-of-the-box or single-product solution
- Customization and integration are required; don’t try it all at once
- Build identity management as a core service; don’t force it on one app