Today's e-business is identity-driven. Virtually every business application touches employees, partners and customers that have an identity, and effective identity management has become a necessity. It's is a broad and multi-faceted discipline that has rapidly emerged to become a top IT initiative.

Accurate knowledge of your users can help reduce costs, improve security, and achieve regulatory compliance. Objectively understanding your priorities is a critical factor in planning an integrated identity management rollout for your organization. An important dimension of the solution is its incremental implementation; the specific order depends on your organization's needs.

This three step process will help you sort out your organization's priorities and lay out a plan to attack the problem and achieve the best result from your investment.

Step 1: Assess the needs of your organization

There are eight primary reasons companies undertake identity management initiatives. Use this list to prioritize your needs and the dates you need them solved. Most companies do not have just one reason; they have multiple needs they plan to address over time:

• Security administration and support costs are too high
• Executive priority on single sign-on and unified user experience
• Developing adequate security for internally built applications is too expensive
• Sensitive, private information must be protected
• Compliance with regulations and audit requirements must be achieved
• Hard to keep track of all the users that access systems
• Incomplete, redundant and inaccurate identity information is found spread across multiple stores
• Security needs to be shored up to pave the way for Web services

Step 2: Identify the right starting point

Once you have prioritized your needs, the first phase begins in one of three areas. Use your priorities to guide your starting point.

• Fixing identity data
• Managing users and accounts
• Controlling access and disclosure

Fixing Identity Data: Identity-driven systems depend on a foundation that collects, stores and protects authoritative user information. The contents in the foundation include data about employees, partners, customers and contractors. This data must be pulled together from across the organization because diverse departments own different portions of the identity information. A department may have authority over many records about a user - or just one or two. The solution usually involves synchronization of contents across a variety of existing directories and databases.