The Identity Management industry has been around almost a decade. Back in the
year 2000, we called it Directory Services, but we were laying the foundations
for what would become today's Identity Management infrastructures.
Many organizations have shown great progress in building their identity infrastructures.
Software vendors have steadily pieced together mature product suites. But there's
more work to be done.
Although a significant number of companies have successfully implemented identity
data solutions and may have even deployed user provisioning solutions, the business
drivers and resulting value of those solutions have historically been restricted
to workflow efficiencies and reduced helpdesk costs.
Security has been absent from Identity ROI
The heart and soul of a robust identity management infrastructure is the user
provisioning solution. Provisioning enables organizations to effectively on-board
and off-board employees, contractors, and associates. These systems enable the
efficient managing of accounts and access rights across multiple heterogeneous
systems. The primary business drivers of provisioning solutions have traditionally
been increased efficiency and minimized cost associated with managing user accounts
across large or diverse environments.
What often goes overlooked in the ROI analysis and design process of provisioning
systems is whether the system could introduce an improvement in the organization's
overall security posture. System users who have acquired (or even intentionally
been assigned) elevated rights over time continue to have the ability to get
around security policies by using the rights they have been granted in inappropriate
ways. Identity Management practitioners, therefore, ought to be thinking about
increased security as a core potential value of the overall provisioning infrastructure.
It is widely acknowledged that by simply automating the process and providing
workflow approvals, automated de-provisioning, and logging of system activity,
provisioning solutions have no doubt provided an improved security posture and
an easier mechanism for responding to security audits. But, there are significant
security holes that remain in the infrastructure simply because of the design
of provisioning systems.