Better security through identity

InfoWorld - SAN FRANCISCO -- The old "separate nations" network paradigm -- decentralized security in which multiple departments using various applications manage access as each sees fit -- is now passe.
Security systems are going global, as enterprises increasingly turn to identity management solutions from vendors such as IBM, Netegrity Inc., Novell Inc. and Oblix Inc. as a means to better align network policies and permissions with business goals, not just IT's ideas of how a system should be managed.
It had to happen. The more resources are added to a network, the harder it becomes to control. In today's strict regulatory environment, businesses are clamoring for a better way.
"The traditional model of enterprise security is parameterized around a small set of data centers," says Chris O'Connor, director of security strategy at IBM. "It's security Swiss cheese that has bred all kinds of compliance issues and security problems."
No matter what level of chaos we let reign on our desks and file cabinets, we all know that a messy network can never be a secure one. Digital identity, beyond being a means to enable application SSO (single sign-on), has begun to emerge as a key tool for bringing order out of the chaos.
"Enterprise investments in identity management are enabling identity-centric network management," says Phil Schacter, vice president and service director of directory and security strategies at Burton Group. In particular, Schacter cites the changing nature of today's networks -- including the increases in mobility and remote access -- as driving forces behind the move toward identity-based systems.
Identity doesn't just define who a user is; it connects the "who" directly with the "what" -- what a user's role in the organization is, what resources and information that user needs access to, and what he can and can't do with that information. Identity is the big picture, the whole story that allows corporate policy and processes to be applied in a consistent and comprehensive manner across an entire enterprise.
By consolidating access and authorization information for each user, identity solutions help keep networks current. They grant quick access to new hires, while helping to exorcise the ghost accounts of former employees before they have a chance to possess the system. They provide audit information for regulatory compliance. They protect privacy and strengthen access controls. But perhaps most importantly, identity-based network management lifts network security out of the data center and brings it in line with the needs of the enterprise.

Identity storehouse
Moving toward identity-based network management is a tall order,