Identity management
Download
1 / 39

Identity Management - PowerPoint PPT Presentation


  • 63 Views
  • Uploaded on

Identity Management. Guy Huntington, President HVL Derek Small, President Nulli Secundus. Why Bother?. Identity management leads to significantly reduced costs, improved service, increased productivity and competitive advantages over competitors

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Identity Management' - venetia-natasha


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Identity management

Identity Management

Guy Huntington, President HVL

Derek Small, President Nulli Secundus


Why bother
Why Bother?

  • Identity management leads to significantly reduced costs, improved service, increased productivity and competitive advantages over competitors

  • E-business requires a high degree of system integration

  • Identity management is the place to start in rethinking system workflows


Identity management1
Identity Management

  • Identity Management is the secure process of defining, creating, handling, updating and archiving core information about an individual


Core information
Core Information

  • Core information includes such basics as name (first, last, full name, common name), identification number(s), contact information, and any other information about an individual the enterprise deems important to securely gather, store, monitor and exchange portions of between systems


But we already do that
But We Already Do That!

  • You’re right…you do it potentially hundreds of different ways and that’s where the problems and opportunities are

  • The ERP, HRIS, financials, payroll, data warehouses, CRM, marketing, sales, manufacturing, security, network, portals, contact management, e-mail, facilities and all your other 100-200 systems create, store, handle, archive and secure identities their own way


Identity universes
Identity Universes

  • Each application has a system of managing identities that lacked identity standards when they were built

  • From an identity management perspective, each system in effect views itself as if the other systems don’t exist

  • You might be surprised how much this approach is costing you in productivity, maintenance costs and competitive advantage


Look ups org charts
Look-Ups & Org Charts

  • Companies like Cisco and others have calculated the cost to their company in finding out who people are in the organization, their reporting structure and how to contact them

  • The costs with their old legacy systems are in the tens of millions of dollars each year


Look ups org charts1
Look-Ups & Org Charts

  • Not being able to find people instantly causes an even bigger hit in overall productivity

  • Too much time is spent on trying to find information and people rather than dealing with the core tasks pertinent to achieving corporate goals


New hires
New Hires

  • Poor identity management for the new hire process is another big financial and productivity hit in corporations

  • Often the new hire may take weeks and even months to get finished with all the 100-200 business system registrations


New hires1
New Hires

  • What is the cost to your corporation for every day, week and month of lost productivity for new hires?

  • The costs can easily be millions or tens of millions of dollars annually


Competitive advantage
Competitive Advantage

  • In the world of internet time, integrating systems internally, between you and your partners and with the internet for your customers is imperative

  • The cost you pay for poor, slow and expensive identity information transfer between your systems is a competitive disadvantage against competitors who have figured out a modern identity management strategy makes money


Competitive advantage1
Competitive Advantage

  • By instantly synchronizing all your identity systems, you can consider new forms of doing business with your customers

  • Offer new identity based services from your back-office systems to improve service

  • Integrated, nimble identity systems means fast response to market changes

  • Provides greater control over ensuring the customer their information is secure


Security
Security

  • In e-business, the lack of coordinated identity systems often leads to security lapses

    • Time lapse

    • Information continuity

  • Customer, employee or business partner identity information may be placed at risk or inadvertently given out


Security1
Security

  • The response time to making an identity change creates security breaches

    • A consultant leaving a company may still remain for some time with network, application and even authorization privileges

    • A customer requesting their information be kept confidential may find themselves still on mailing, distribution and publicly available access lists for months after making the request

    • Companies may have trouble ensuring employee home numbers/social security id’s are not given out and are properly secured


Security2
Security

  • The evolving information laws in Europe and Canada in particular place the onus on the company to ensure employee and customer information is secure

  • The potential for litigation and adverse public perception in the marketplace increase by relying on older systems that weren’t designed with integrated identity security in mind


Security3
Security

  • The desire for single sign on for customers, business partner’s employees and your own employees means identity system integration is a must

  • How else are you going to standardize, coordinate and enforce authentication within a domain, between domains and with your customers?


Is there a magic bullet
Is There a Magic Bullet?

  • No

  • There are however many short terms steps you can take to put yourselves on the road to a modern identity management strategy and tactical deployment thereof


Grunt work
Grunt Work

  • The first step is to prioritize the identity management systems for integration and change

  • You’re looking for low hanging financial fruit, strategic gain and internal productivity improvements

    • Integrating identity information in HR, HRMS, ERP’s and NOS’s are good starting points


Grunt work1
Grunt Work

  • Then begins the task of diving into the minutiae of how these identity systems currently work

    • What information is stored?

    • What’s the syntax used?

    • How long are the fields?

    • What character sets do they use?

    • What’s the authoritative source?

    • Which other systems use the same information?

    • These are just some of the many starting questions


Grunt work2
Grunt Work

  • The grunt work continues with examining who gets to see which identity attribute, who gets to modify it and who’s notified when any change to it is made?

  • This is the heart of creating new streamlined workflow and secure identity management processes


Coordinating systems
Coordinating Systems

  • Your existing identity information will likely be stored in a variety of databases

  • A few may use directories

  • You need to consider a directory strategy acting as a central coordination hub for the identity systems


Why directories
Why Directories?

  • Directories have a common standard “Lightweight Directory Application Protocol” (LDAP) for coordinating how information is stored and queried

    • You need a tool with a standard to coordinate your disparate identity systems

  • They’re optimized for fast reads

    • It’s critical in e-business that the solution be fast for identity management including authentication


Do i keep my databases
Do I Keep My Databases?

  • Yes

  • You’ll use the directory to coordinate them

  • You may eliminate the identity portion of some systems and place it in a directory where it’s cost effective

  • Others such as PeopleSoft v8 are now directory compatible and ease integration with external systems via the directory while still using their extensive internal databases and data warehouses


Directories
Directories

  • A typical directory project often has an ROI of between 5 and 7 times investment

  • You need a directory strategy addressing identity system integration


Directory design
Directory Design

  • The design of the directory may be one of most critical decisions you make

  • A poor design can cost money, time and effort in constantly changing as rapid changes occur in your organization


Directory design1
Directory Design

  • The performance of the directory is also impacted by how you design the directory

    • That’s important when you’re using the directory several thousand times a second to query for e-mail addresses, name, contact and org chart lookups, authentication and authorization


Is a directory all i need
Is a Directory All I Need?

  • No, it’s just the beginning

  • How are you going to manage and display the identity information?

  • How are you going to ensure the identity security within and between your systems, your business partners’ systems and the interaction with your customers?


Displaying identity information
Displaying Identity Information

  • Let’s assume you’ve now got your internal identity systems coordinated and it’s time to get the employees, portal users, extranets and customers via the internet seeing the identity information they’re entitled to

  • What’s your game plan?


Displaying identity information1
Displaying Identity Information

  • Directories are not end-user friendly

  • Unless you want to teach everyone how to use LDAP syntax, you better think about some middleware tools to make it so easy to use the end user community loves and uses your new identity systems


What s required
What’s Required?

  • Integrate with your intranets, extranets, portals and internet sites

  • Graphically easy to search for, retrieve and display identity information

  • See org charts on line if desired

  • What the user sees is based on their security privileges


Delegated identity administration
Delegated Identity Administration

  • How are you going to manage the incredible volumes of identity information securely and cost efficiently?

  • The answer is to use delegated identity administration

  • You need tools allowing delegation of the identity administration by different methods including dept, title, object class, rules, roles or name


Self serve identity administration
Self Serve Identity Administration

  • Some portion of your identities may be best administered by the end-user themselves be it the employee, business partner employee or customer

  • You need tools that allow you to securely delegate the administration as far down towards the end user as you deem appropriate


Self serve identity administration1
Self Serve Identity Administration

  • The end user modification must be easy to do

  • Needs to integrate with your other systems to streamline the workflows


E business infrastructure tools
E-Business Infrastructure Tools!

  • Managing the whole identity process, securing it, delegating, displaying and integrating it with your systems is not trivial

  • In our practice, we use Oblix as a primary infrastructure tool to coordinate and manage the identity process


Oblix
Oblix

  • Oblix produces two products “Publisher” and “NetPoint” to handle identity administration and security

  • Directory based

  • Integrates identity, authentication, authorization and auditing systems


Oblix publisher
Oblix Publisher

  • Provides delegatable identity management to the level(s) you desire

  • Integrates identity display with intranets and extranets

  • Displays on-line org charts

  • Displays based on what the user is allowed to see


Oblix1
Oblix

  • Issue workflow requests to manage identity changes

  • Control view, modify and notify privileges for each identity attribute

  • Easy to scale across an enterprise

  • Works with different directory vendors


The bottom line
The Bottom Line

  • Identity management is critical to your profitability, responsiveness and productivity

  • Identity management can be a cornerstone of a modern corporate infrastructure strategy with proper management, planning and tools


I d like to learn more
I’d Like to Learn More

Guy Huntington, HVL:


ad