Identity Management -- No Longer Just the Bouncer at the Door
By Bronna Shapiro, Director of Solutions for Identity Management and Services, BMC Software
You may remember the bouncer from your college days: the big guy who checks your
ID at the door and determines whether you are who you claim to be and that you
meet the criteria to enter (authentication and authorization in IT jargon). If
you try to enter and you haven't shown that you are who you claim to be, or you
don't meet the criteria, you get bounced. That's pretty much what identity management
used to be -- the bouncer at the IT door; the guard at the IT gate.
Today, identity management is a lot more. Oh, it's still got the muscle to
guard the gate. But given the right setup, the bouncer at your IT door has
got as much brain power as brawn. The trick is to let the bouncer use it!
Identity management solutions have evolved to encompass all of the processes,
practices, and tools utilized to govern the complete lifecycle of digital identities.
They now provide a variety of important functions to consolidate identity information
and centralize identity management while automating identity, password, and
compliance management tasks.
Identity management solutions can consolidate identity information into a single
identity data repository, greatly simplifying management. This information presents
a comprehensive, consolidated view of users. As a result, IT can use this to
answer the fundamental question, "Who are the users?"
Centralizing identity management tasks is also important. This lets IT control
and enforce access privileges from a central point based on roles and business
policies. IT can then answer the question, "Who has access to what?"
Centralization helps increase administrator productivity because administrators
no longer have to juggle multiple user accounts on different systems.
That's not all: a well-architected identity management solution should automate
user administration and access provisioning through automated rule- and role-based
management of user accounts on enterprise systems. This grants access to new
users based on their roles in the organization. It also grants immediate role-based
access to newly deployed IT resources. In addition, this provides the capability
to change user access rights when users change roles. Furthermore, it revokes
access when users terminate their relationships with the organization. Yes,
the identity management solution watches the IT door very carefully.
Password Automation, Service, and Compliance
Password management is key to identity management and it can be automated in
a variety of ways. The IT organization can define and enforce password policies
to ensure that users maintain secure passwords and change them when required.
What's more, through such mechanisms as password synchronization and single
sign-on, IT can reduce the number of passwords that users have to remember,
increasing user productivity. And if you're like most people, you have many
different passwords for the various applications you access, so going to one
password alone will greatly reduce the number of calls you'll have to make to
the help desk each year.
In addition, self-service password management permits users to manage password
resets and changes on their own. This simplifies administration and increases
corporate productivity by eliminating a major source of costly support calls
-- password resets. This process helps increase user satisfaction because users
can reset passwords easily and quickly on their own without having to wait for
IT staff to help them. And the savings for the service desk can be substantial.
A leading analyst firm estimates the average cost of a reset call to the service
desk to be $14, compared to the Help Desk Institute's estimate of $1 for self
service. So, for every 10,000 reset calls your service desk takes, the costs
could be reduced by half as a result of reducing the number of passwords users
manage. This number could be reduced another quarter via self service. As a
result, you could have an overall reduction in reset support costs of almost
75% per year by automating these processes.
An effective identity management solution is not only a guard, it's also a
detective. The solution should automatically monitor, log, and report access
events, and generate appropriate notifications, including an automatic notification
of suspicious activities. It should also maintain an audit trail to validate
compliance, permitting IT to answer the questions: "Who granted access
and when?" and "How is access being used?" Automating audit and
compliance management helps reduce the cost of achieving and demonstrating compliance.
It also frees up considerable IT staff time that can be applied to more strategic
Let the Bouncer Do the Work
An identity management solution can work closely with a service request management
solution to expedite the process of requesting and fulfilling services. Here's
what a service request management solution does. It permits people to find and
request services they need online, and track a request status on their own --
all without assistance from the service desk. It also permits service providers
to publish available services in a centralized, Web-based catalog. In addition,
it automates the fulfillment of requested services, greatly speeding response.
A service request management solution is a consumer of user identity data.
It can use the data to determine users' entitlements to services based on their
roles, presenting them with only those services they are entitled to receive.
It can also use identity data to allow only authorized persons to modify the
online service catalog. In addition, the service request management solution
can automatically populate service request forms with known user data to simplify
and speed the request process.
To get the most out of managing digital IDs you've got to leverage this capability
in as many different venues as possible. In IT parlance, that means INTEGRATE,
INTEGRATE, INTEGRATE. A perfect example is using the out-of-the box integrations
available for other solutions to concurrently provide, add, or remove user access
in tandem with their associated hardware and software assets in one consolidated,
"closed-loop" process. Look for a vendor that offers this capability
via a closed-loop client management approach that was designed with ITIL version
3 best practices in mind.
System configurations and access privileges vary greatly based on a user's
role in the organization. An identity management solution maintains the links
between people, their roles, and their associated access requirements. A change
and configuration management solution, for example, can leverage role-related
identity information to automatically provision or re-provision systems and
access privileges to users.
Let's say you just got a promotion. As soon as that promotion is entered in
the human resources (HR) system, a domino effect is generated by the automated,
integrated identity management solution. HR enters your old identity associated
with the new role. That update automatically notifies your change management
solution, which in turn informs configuration management. Suddenly, you have
access to information you couldn't get your hands on yesterday. When the identity
management solution is set to recognize you in association with your new title
and your new access rights, minus previous restrictions, you won't be in for any
surprises when you need immediate access to information and resources previously
withheld from you in your old role.
Bring your Bouncer Inside
Certainly any identity management solution needs to do its first job first:
guard the gate and secure the information. But with an integrated approach to
identity management, it can be leveraged to enhance a full array of IT applications,
components, tasks and processes. The trick is to stop thinking of identity management
as the lone bouncer standing outside the door of your business just checking
Bring the guard inside to be a full and versatile participant in your IT-business
environment. Creating an identity-aware approach by integrating an identity
management solution into the environment unleashes the full business value of
identity data, as well as that of the identity management solution. Other solutions
in the environment can leverage the capabilities and data provided by the identity
management solution to help IT address cost-control mandates, while also improving
services, strengthening security, and enhancing regulatory compliance.
About the Author
Bronna Shapiro, director of Solutions for Identity Management and Services for BMC Software, manages a team that is responsible for marketing and strategy for identity management solutions. In addition, she leads a team responsible for marketing for consulting services, educational services, and customer support. Her prior industry experience is in marketing leadership for distributed systems solutions and in product management of key mainframe products. She has also been an instructor for courses on IMS and DB2.