
Identity Management

Identity Management. Guy Huntington, President HVL; Derek Small, President Nulli Secundus. Why Bother? Identity management leads to significantly reduced costs, improved service, increased productivity and competitive advantages over competitors


Presentation Transcript


  1. Identity Management
     Guy Huntington, President HVL
     Derek Small, President Nulli Secundus

  2. Why Bother?
     • Identity management leads to significantly reduced costs, improved service, increased productivity and competitive advantages over competitors
     • E-business requires a high degree of system integration
     • Identity management is the place to start in rethinking system workflows

  3. Identity Management
     • Identity Management is the secure process of defining, creating, handling, updating and archiving core information about an individual

  4. Core Information
     • Core information includes such basics as name (first, last, full name, common name), identification number(s), contact information, and any other information about an individual that the enterprise deems important to securely gather, store, monitor and exchange, in whole or in part, between systems

  5. But We Already Do That!
     • You’re right…you do it potentially hundreds of different ways and that’s where the problems and opportunities are
     • The ERP, HRIS, financials, payroll, data warehouses, CRM, marketing, sales, manufacturing, security, network, portals, contact management, e-mail, facilities and all your other 100-200 systems create, store, handle, archive and secure identities their own way

  6. Identity Universes
     • Each application has its own system for managing identities, and identity standards were lacking when these systems were built
     • From an identity management perspective, each system in effect views itself as if the other systems don’t exist
     • You might be surprised how much this approach is costing you in productivity, maintenance costs and competitive advantage

  7. Look-Ups & Org Charts
     • Companies like Cisco and others have calculated the cost to their company of finding out who people are in the organization, their reporting structure and how to contact them
     • The costs with their old legacy systems are in the tens of millions of dollars each year

  8. Look-Ups & Org Charts
     • Not being able to find people instantly causes an even bigger hit in overall productivity
     • Too much time is spent on trying to find information and people rather than dealing with the core tasks pertinent to achieving corporate goals

  9. New Hires
     • Poor identity management for the new hire process is another big financial and productivity hit in corporations
     • Often the new hire may take weeks and even months to get finished with all the 100-200 business system registrations

  10. New Hires
      • What is the cost to your corporation for every day, week and month of lost productivity for new hires?
      • The costs can easily be millions or tens of millions of dollars annually

  11. Competitive Advantage
      • In the world of internet time, integrating systems internally, between you and your partners and with the internet for your customers is imperative
      • The cost you pay for poor, slow and expensive identity information transfer between your systems is a competitive disadvantage against competitors who have figured out that a modern identity management strategy makes money

  12. Competitive Advantage
      • By instantly synchronizing all your identity systems, you can consider new forms of doing business with your customers
      • Offer new identity-based services from your back-office systems to improve service
      • Integrated, nimble identity systems mean fast response to market changes
      • Provides greater control in assuring customers that their information is secure

  13. Security
      • In e-business, the lack of coordinated identity systems often leads to security lapses
      • Time lapse
      • Information continuity
      • Customer, employee or business partner identity information may be placed at risk or inadvertently given out

  14. Security
      • The response time in making an identity change creates security breaches
      • A consultant leaving a company may still remain for some time with network, application and even authorization privileges
      • A customer requesting their information be kept confidential may find themselves still on mailing, distribution and publicly available access lists for months after making the request
      • Companies may have trouble ensuring employee home numbers and social security IDs are not given out and are properly secured

  15. Security
      • The evolving information laws in Europe and Canada in particular place the onus on the company to ensure employee and customer information is secure
      • The potential for litigation and adverse public perception in the marketplace increases by relying on older systems that weren’t designed with integrated identity security in mind

  16. Security
      • The desire for single sign-on for customers, business partners’ employees and your own employees means identity system integration is a must
      • How else are you going to standardize, coordinate and enforce authentication within a domain, between domains and with your customers?

  17. Is There a Magic Bullet?
      • No
      • There are, however, many short-term steps you can take to put yourselves on the road to a modern identity management strategy and tactical deployment thereof

  18. Grunt Work
      • The first step is to prioritize the identity management systems for integration and change
      • You’re looking for low-hanging financial fruit, strategic gain and internal productivity improvements
      • Integrating identity information in HR, HRMS, ERPs and NOSs are good starting points

  19. Grunt Work
      • Then begins the task of diving into the minutiae of how these identity systems currently work
      • What information is stored?
      • What’s the syntax used?
      • How long are the fields?
      • What character sets do they use?
      • What’s the authoritative source?
      • Which other systems use the same information?
      • These are just some of the many starting questions

  20. Grunt Work
      • The grunt work continues with examining who gets to see which identity attribute, who gets to modify it and who’s notified when any change to it is made
      • This is the heart of creating new streamlined workflow and secure identity management processes

  21. Coordinating Systems
      • Your existing identity information will likely be stored in a variety of databases
      • A few may use directories
      • You need to consider a directory strategy acting as a central coordination hub for the identity systems

  22. Why Directories?
      • Directories have a common standard, the “Lightweight Directory Access Protocol” (LDAP), for coordinating how information is stored and queried
      • You need a tool with a standard to coordinate your disparate identity systems
      • They’re optimized for fast reads
      • It’s critical in e-business that the solution be fast for identity management including authentication

  23. Do I Keep My Databases?
      • Yes
      • You’ll use the directory to coordinate them
      • You may eliminate the identity portion of some systems and place it in a directory where it’s cost effective
      • Others such as PeopleSoft v8 are now directory compatible and ease integration with external systems via the directory while still using their extensive internal databases and data warehouses

  24. Directories
      • A typical directory project often has an ROI of between 5 and 7 times investment
      • You need a directory strategy addressing identity system integration

  25. Directory Design
      • The design of the directory may be one of the most critical decisions you make
      • A poor design can cost money, time and effort in constant rework as rapid changes occur in your organization

  26. Directory Design
      • The performance of the directory is also impacted by how you design the directory
      • That’s important when you’re using the directory several thousand times a second to query for e-mail addresses, name, contact and org chart lookups, authentication and authorization

  27. Is a Directory All I Need?
      • No, it’s just the beginning
      • How are you going to manage and display the identity information?
      • How are you going to ensure the identity security within and between your systems, your business partners’ systems and the interaction with your customers?

  28. Displaying Identity Information
      • Let’s assume you’ve now got your internal identity systems coordinated and it’s time to get the employees, portal users, extranets and customers via the internet seeing the identity information they’re entitled to
      • What’s your game plan?

  29. Displaying Identity Information
      • Directories are not end-user friendly
      • Unless you want to teach everyone how to use LDAP syntax, you had better think about some middleware tools that make it so easy to use that the end-user community loves and uses your new identity systems

  30. What’s Required?
      • Integrate with your intranets, extranets, portals and internet sites
      • Graphically easy to search for, retrieve and display identity information
      • See org charts online if desired
      • What the user sees is based on their security privileges

  31. Delegated Identity Administration
      • How are you going to manage the incredible volumes of identity information securely and cost efficiently?
      • The answer is to use delegated identity administration
      • You need tools allowing delegation of the identity administration by different methods including dept, title, object class, rules, roles or name

  32. Self Serve Identity Administration
      • Some portion of your identities may be best administered by the end users themselves, be it the employee, business partner employee or customer
      • You need tools that allow you to securely delegate the administration as far down towards the end user as you deem appropriate

  33. Self Serve Identity Administration
      • The end user modification must be easy to do
      • Needs to integrate with your other systems to streamline the workflows

  34. E-Business Infrastructure Tools!
      • Managing the whole identity process, securing it, delegating, displaying and integrating it with your systems is not trivial
      • In our practice, we use Oblix as a primary infrastructure tool to coordinate and manage the identity process

  35. Oblix
      • Oblix produces two products, “Publisher” and “NetPoint”, to handle identity administration and security
      • Directory based
      • Integrates identity, authentication, authorization and auditing systems

  36. Oblix Publisher
      • Provides delegatable identity management to the level(s) you desire
      • Integrates identity display with intranets and extranets
      • Displays online org charts
      • Displays based on what the user is allowed to see

  37. Oblix
      • Issue workflow requests to manage identity changes
      • Control view, modify and notify privileges for each identity attribute
      • Easy to scale across an enterprise
      • Works with different directory vendors

  38. The Bottom Line
      • Identity management is critical to your profitability, responsiveness and productivity
      • Identity management can be a cornerstone of a modern corporate infrastructure strategy with proper management, planning and tools

  39. I’d Like to Learn More
      Guy Huntington, HVL:
      • guy@hvl.net
      • www.hvl.net
      • 604-921-6797
      Derek Small, Nulli Secundus:
      • derek@nulli.com
      • www.nulli.com
      • 403-270-0657
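
The time lapse described on slide 14 (a departed consultant who keeps network and application privileges) can be measured by reconciling each system's accounts against the authoritative source. The sketch below is an added example, not part of the presentation or of any Oblix product; the record layouts, system names and identifiers are constructed for illustration.

```python
from datetime import date

# Constructed sample data (assumed layout, not from the presentation).
# Authoritative source: identity id -> termination date (None = still active).
HR_RECORDS = {
    "e1001": None,
    "c2002": date(2024, 3, 1),    # consultant whose contract ended
    "e1003": date(2024, 5, 20),
}

# Accounts as each downstream system holds them:
# (system, identity id, enabled, last login)
ACCOUNTS = [
    ("network", "e1001", True,  date(2024, 6, 1)),
    ("network", "c2002", True,  date(2024, 4, 15)),
    ("crm",     "c2002", False, date(2024, 2, 27)),
    ("email",   "e1003", True,  date(2024, 5, 18)),
    ("portal",  "x9999", True,  date(2024, 6, 2)),   # no HR record at all
]

def reconcile(hr, accounts, today):
    """Return findings for enabled accounts the authoritative source does not back."""
    findings = []
    for system, ident, enabled, last_login in accounts:
        if not enabled:
            continue                      # already deprovisioned in this system
        if ident not in hr:
            findings.append({"system": system, "id": ident,
                             "issue": "unknown_identity",
                             "lag_days": None, "used_after_exit": None})
            continue
        ended = hr[ident]
        if ended is not None and ended < today:
            findings.append({"system": system, "id": ident,
                             "issue": "still_enabled",
                             "lag_days": (today - ended).days,
                             "used_after_exit": last_login > ended})
    # Worst first: accounts used after departure, then the longest lag.
    findings.sort(key=lambda f: (not f["used_after_exit"], -(f["lag_days"] or 0)))
    return findings

if __name__ == "__main__":
    for finding in reconcile(HR_RECORDS, ACCOUNTS, date(2024, 6, 3)):
        print(finding)
```

The `lag_days` value is the exposure window the slide refers to, and `used_after_exit` separates a stale account from one that was actually used after the person left.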
