Identity Management -- No Longer Just the Bouncer at the Door

You may remember the bouncer from your college days: the big guy who checks your ID at the door and determines whether you are who you claim to be and whether you meet the criteria to enter (authentication and authorization in IT jargon). If you try to enter and you haven't shown that you are who you claim to be, or you don't meet the criteria, you get bounced. That's pretty much what identity management used to be -- the bouncer at the IT door; the guard at the IT gate.

Today, identity management is a lot more. Oh, it's still got the muscle to guard the gate. But given the right setup, the bouncer at your IT door has got as much brain power as brawn. The trick is to let the bouncer use it!

Identity management solutions have evolved to encompass all of the processes, practices, and tools utilized to govern the complete lifecycle of digital identities. They now provide a variety of important functions to consolidate identity information and centralize identity management while automating identity, password, and compliance management tasks.

Identity management solutions can consolidate identity information into a single identity data repository, greatly simplifying management. This information presents a comprehensive, consolidated view of users. As a result, IT can use this to answer the fundamental question, "Who are the users?"

Centralizing identity management tasks is also important. This lets IT control and enforce access privileges from a central point based on roles and business policies. IT can then answer the question, "Who has access to what?" Centralization helps increase administrator productivity because administrators no longer have to juggle multiple user accounts on different systems.

That's not all: a well-architected identity management solution should automate user administration and access provisioning through automated rule- and role-based management of user accounts on enterprise systems. This grants access to new users based on their roles in the organization. It also grants immediate role-based access to newly deployed IT resources. In addition, this provides the capability to change user access rights when users change roles. Furthermore, it revokes access when users terminate their relationships with the organization. Yes, the identity management solution watches the IT door very carefully.

Password Automation, Service, and Compliance

Password management is key to identity management and it can be automated in a variety of ways. The IT organization can define and enforce password policies to ensure that users maintain secure passwords and change them when required. What's more, through such mechanisms as password synchronization and single sign-on, IT can reduce the number of passwords that users have to remember, increasing user productivity. And if you're like most people, you have many different passwords for the various applications you access, so going to one password alone will greatly reduce the number of calls you'll have to make to the help desk each year.

In addition, self-service password management permits users to manage password resets and changes on their own. This simplifies administration and increases corporate productivity by eliminating a major source of costly support calls -- password resets. This process helps increase user satisfaction because users can reset passwords easily and quickly on their own without having to wait for IT staff to help them. And the savings for the service desk can be substantial. A leading analyst firm estimates the average cost of a reset call to the service desk to be $14, compared to the Help Desk Institute's estimate of $1 for self service. So, for every 10,000 reset calls your service desk takes, the costs could be reduced by half as a result of reducing the number of passwords users manage. This number could be reduced another quarter via self service. As a result, you could have an overall reduction in reset support costs by almost 75% per year by automating these processes.

An effective identity management solution is not only a guard, it's also a detective. The solution should automatically monitor, log, and report access events, and generate appropriate notifications, including an automatic notification of suspicious activities. It should also maintain an audit trail to validate compliance, permitting IT to answer the questions: "Who granted access and when?" and "How is access being used?" Automating audit and compliance management helps reduce the cost of achieving and demonstrating compliance. It also frees up considerable IT staff time that can be applied to more strategic tasks.

Let the Bouncer Do the Work

An identity management solution can work closely with a service request management solution to expedite the process of requesting and fulfilling services. Here's what a service request management solution does. It permits people to find and request services they need online, and track a request status on their own -- all without assistance from the service desk. It also permits service providers to publish available services in a centralized, Web-based catalog. In addition, it automates the fulfillment of requested services, greatly speeding response.

A service request management solution is a consumer of user identity data. It can use the data to determine users' entitlements to services based on their roles, presenting them with only those services they are entitled to receive. It can also use identity data to allow only authorized persons to modify the online service catalog. In addition, the service request management solution can automatically populate service request forms with known user data to simplify and speed the request process.

To get the most out of managing digital IDs you've got to leverage this capability in as many different venues as possible. In IT parlance, that means INTEGRATE, INTEGRATE, INTEGRATE. A perfect example is using the out-of-the-box integrations available for other solutions to concurrently provide, add, or remove user access in tandem with their associated hardware and software assets in one consolidated, "closed-loop" process. Look for a vendor that offers this capability via a closed-loop client management approach that was designed with ITIL version 3 best practices in mind.

Everything Changes

System configurations and access privileges vary greatly based on a user's role in the organization. An identity management solution maintains the links between people, their roles, and their associated access requirements. A change and configuration management solution, for example, can leverage role-related identity information to automatically provision or re-provision systems and access privileges to users.

Let's say you just got a promotion. As soon as that promotion is entered in the human resources (HR) system, a domino effect is generated by the automated, integrated identity management solution. HR associates your existing identity with the new role. That update automatically notifies your change management solution, which in turn informs configuration management. Suddenly, you have access to information you couldn't get your hands on yesterday. Once the identity management solution recognizes you under your new title, with your new access rights and without the previous restrictions, you won't be in for any surprises when you need immediate access to information and resources that were withheld from you in your old role.
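The role-driven lifecycle described above (access granted on joining, changed when HR records a new role, revoked on leaving, with an audit trail that answers "who granted access and when?") is sketched here as an added example; it is not code from this article or from any vendor product. The role names, entitlement strings, the user `jdoe` and the `hr-feed` actor are constructed, and the lateral move to `hr_analyst` goes beyond the promotion case in the text to show entitlements being revoked on a role change.

```python
from datetime import datetime, timezone

# Constructed role policy; role and entitlement names are hypothetical.
ROLE_ENTITLEMENTS = {
    "sales_rep": {"email", "crm:read"},
    "sales_manager": {"email", "crm:read", "crm:approve_discount", "reports:sales"},
    "hr_analyst": {"email", "hris:read"},
}

def reconcile(user, new_role, current, actor, audit_log, when=None):
    """Compute (grants, revokes) that make `current` match the role policy.

    new_role=None models a leaver, so every entitlement is revoked.
    Each change is appended to audit_log so it can be traced later.
    """
    if new_role is not None and new_role not in ROLE_ENTITLEMENTS:
        # Fail closed: an unknown role must not silently keep or create access.
        raise ValueError(f"no policy for role {new_role!r}")
    target = ROLE_ENTITLEMENTS.get(new_role, set())
    grants, revokes = target - current, current - target
    stamp = (when or datetime.now(timezone.utc)).isoformat()
    for action, items in (("grant", grants), ("revoke", revokes)):
        for ent in sorted(items):
            audit_log.append({"when": stamp, "by": actor, "user": user,
                              "action": action, "entitlement": ent,
                              "role": new_role})
    return grants, revokes

def who_granted(audit_log, user, entitlement):
    """Answer "who granted access and when?" from the audit trail."""
    return [(e["by"], e["when"]) for e in audit_log
            if e["user"] == user and e["entitlement"] == entitlement
            and e["action"] == "grant"]

def run_lifecycle():
    """Joiner, promotion, lateral move, leaver for one constructed user."""
    log, access, steps = [], set(), []
    for role in ("sales_rep", "sales_manager", "hr_analyst", None):
        grants, revokes = reconcile("jdoe", role, access, "hr-feed", log)
        access = (access | grants) - revokes
        steps.append((role, sorted(grants), sorted(revokes)))
    return steps, access, log
```

The revoke set on the lateral move is the part that manual processes tend to miss: without it, a user accumulates the entitlements of every role ever held.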

Bring Your Bouncer Inside

Certainly any identity management solution needs to do its first job first: guard the gate and secure the information. But with an integrated approach to identity management, it can be leveraged to enhance a full array of IT applications, components, tasks and processes. The trick is to stop thinking of identity management as the lone bouncer standing outside the door of your business just checking IDs.

Bring the guard inside to be a full and versatile participant in your IT-business environment. Creating an identity-aware approach by integrating an identity management solution into the environment unleashes the full business value of identity data, as well as that of the identity management solution. Other solutions in the environment can leverage the capabilities and data provided by the identity management solution to help IT address cost-control mandates, while also improving services, strengthening security, and enhancing regulatory compliance.

About the Author

Bronna Shapiro, director of Solutions for Identity Management and Services for BMC Software, manages a team that is responsible for marketing and strategy for identity management solutions. In addition, she leads a team responsible for marketing for consulting services, educational services, and customer support. Her prior industry experience is in marketing leadership for distributed systems solutions and in product management of key mainframe products. She has also been an instructor for courses on IMS and DB2.
