Seven tips for effective identity management

The emergence of Web-based technologies has forced organizations to change the way they conduct business. They must find new ways and new tools to securely control access to corporate resources and manage the security risks associated with the escalating volume of user administration.

To be successful, companies must integrate their information systems and combine disparate technologies, particularly as a result of business mergers and acquisitions. To accommodate these changes, the IT department must administer a large number of heterogeneous systems and applications, manage a huge influx of new users and adjust their privileges accordingly. To add to this complexity, many organizations have implemented point security solutions, which are often time-consuming and costly for the IT department to integrate and customize.

Integrated identity management systems help IT managers reduce risks, manage user administration demands and adapt to new regulations. Identity management systems with the right requirements can help companies realize benefits across the business, from employees and partners to customers.

The following are seven "must-haves" to look for when selecting the best identity management system for your organization.

1. Role-based user provisioning

User provisioning is the process for managing user identities enterprisewide and beyond. User provisioning encompasses the following:

  • Types of users an organization will manage
  • Systems, applications and other business resources users need access to
  • Levels of access to those resources
  • Creation, update and deletion of user accounts
  • Measurement of administrative overhead associated with user management
  • Metrics for success

User provisioning provides the proper resources to users at minimal cost. It manages a user's life cycle, including tasks such as creating accounts on different systems, extending access to external services, temporarily suspending access and permanently revoking accounts. Effective user provisioning reduces security risks, including weak passwords, and minimizes obstacles to user productivity. User provisioning also provides centralized management and automation through role-based account creation and workflow-driven assignment of access rights to business resources.

2. Managing user identity

Organizations can identify different types of users according to their business functions: employees, customers, suppliers, partners and more. Each user within these groups owns a separate online "identity" that can be managed efficiently to reduce risks and lower business costs.

It's far easier to manage a single user identity than multiple identities for one user. Identities can be managed according to users' needs, enabling the organization to deliver quality and increased customer satisfaction.

Internally, user provisioning tools are implemented by the IT department and integrated with the human resources application. Particular user roles should have predefined access rights. When an employee joins a specific role, his access permissions to business resources are dynamically updated according to the permissions preset by the IT department. This approach ultimately reduces costs and effectively automates business processes.
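The role-based provisioning described in sections 1 and 2 (preset role entitlements, HR-driven updates, suspension and revocation) as an added illustration; this is not code from the article or from any identity-management product, and the roles, systems, access levels and HR records are constructed sample data.

```python
# Added example: HR event -> role entitlements -> account actions.
# Access rights preset per role by IT: system -> access level (constructed).
ROLE_ENTITLEMENTS = {
    "employee":  {"email": "user", "intranet": "read"},
    "engineer":  {"source-control": "write", "build-server": "user"},
    "finance":   {"erp": "read", "payroll": "read"},
    "fin-admin": {"erp": "admin", "payroll": "write"},
}
LEVEL_RANK = {"read": 1, "user": 2, "write": 3, "admin": 4}

def desired_access(hr_record):
    """Target access for one user: union of the roles' entitlements, keeping
    the stronger level where roles overlap; nothing at all for a leaver."""
    if hr_record["status"] == "terminated":
        return {}
    target = {}
    for role in hr_record["roles"]:
        # An unknown role raises KeyError on purpose: never guess access.
        for system, level in ROLE_ENTITLEMENTS[role].items():
            if LEVEL_RANK[level] > LEVEL_RANK.get(target.get(system), 0):
                target[system] = level
    return target

def reconcile(current, desired):
    """Diff what the user has against what the roles say they should have."""
    actions = []
    for system in sorted(set(current) | set(desired)):
        have, want = current.get(system), desired.get(system)
        if have == want:
            continue
        if have is None:
            actions.append(("grant", system, want))
        elif want is None:
            actions.append(("revoke", system, have))
        else:
            actions.append(("change", system, want))
    return actions

def provision(hr_record, current):
    """One HR event -> list of account actions. A leave of absence suspends
    every account instead of revoking it, so access is restored unchanged."""
    if hr_record["status"] == "leave":
        return [("suspend", s, lvl) for s, lvl in sorted(current.items())]
    return reconcile(current, desired_access(hr_record))

if __name__ == "__main__":
    # Constructed feed: joiner, then mover from engineering to finance.
    accounts = {}
    for rec in [{"status": "active", "roles": ["employee", "engineer"]},
                {"status": "active", "roles": ["employee", "finance"]}]:
        for action, system, level in provision(rec, accounts):
            print(rec["status"], action, system, level)
            if action == "revoke":
                del accounts[system]
            else:
                accounts[system] = level
```

The mover step shows why revocation must be part of the role change: the engineering entitlements are removed in the same run that grants the finance ones, rather than accumulating.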

Externally, once an organization has attracted a customer, supplier or partner, it's vital to ensure that the process of registering the user's identity and submitting a transaction is straightforward, smooth and secure. To feel valued, users need to trust that the information they provide is kept confidential and secure.

3. A directory infrastructure

A directory allows businesses to group employee information into an easily accessible, hierarchical structure. Identity management systems require a strong foundational backbone based on a robust, extensible directory architecture. The strength of this architecture allows directories to synchronize, replicate and link information between information stores in an uncomplicated, distributed environment. Directories provide extremely fast lookup capabilities across geographically distributed locations, which is integral to business success.

4. User authentication

Strong authentication methods to validate user identities, such as biometrics, smart cards and digital certificates, are the foundation for trusted transactions. Organizations can validate information while ensuring that communications between the business and the user remain confidential -- establishing a level of trust between the two parties.

5. Single sign-on and secure access

Simplified access to business applications is enabled through single sign-on technology. Single sign-on relieves the frustration of having to remember multiple passwords to access multiple systems. Implementing such functionality helps reduce the IT department's administrative overhead by providing one interface to manage multiple systems.

Web-based businesses provide different access points to systems, allowing users to connect via the Internet, extranet and intranet. Therefore, enabling secure access to a variety of business resources has never been more critical.

6. Self-registration and self-administration

Who knows more about users, what their job functions are and what they need to do than the users themselves? Self-registration and self-administration decrease overhead and increase user productivity by delegating management to the user. For example, a user can self-register with a business by submitting a Web-based form and immediately perform secure transactions -- with little or no human intervention. Password resets are expensive, and the ability for users to reset their own forgotten passwords benefits business operations, the IT department's workload and user productivity.

7. Account mobility

A key requirement for an identity management strategy is for user accounts to remain mobile. Employees frequently move around in an organization, and many users travel as part of their business roles. It's essential that a user's identity moves as he moves. Users also need the same level of access regardless of where they connect to the business network. The identity management infrastructure must be flexible enough to accommodate this type of mobility.

The identity management infrastructure must also be open and extensible to support future Web services and integration with other business environments. Web services security will enable a user to securely access multiple Web sites using the same user identity.

The best way to confront the identity management challenges most organizations face is to manage the user life cycle from a centralized perspective and to enable user self-service across and beyond the enterprise. Finding an identity management system that addresses the seven must-haves described above and operates in a future-proof environment will not only make identity management more effective, but it will also enable the overall business to operate more efficiently. This will put businesses on the path to consumer trust, employee productivity and greater growth.

Bilhar Mann, CISSP, is vice president of product management at Computer Associates International Inc., where he is responsible for product definition and strategy for CA's eTrust Identity and Access Management security suite. Previously, Mann was director of product management at media caching and streaming start-up Volera Inc., a majority-owned subsidiary of Novell Inc. He joined Novell after its acquisition of JustOn Inc., a start-up that he co-founded in 1999.

Copyright © 2004 IDG Communications, Inc.
