The Importance of Identity Management

In this age of the network economy, businesses and organizations are in pursuit of new opportunities and are finding new ways of conducting business using the Internet. They must, at the same time, ensure that their exposed information assets remain secure. The increasing numbers of customers, employees, partners, and suppliers have forced businesses and organizations to provide virtually global-level access to their critical informational resources while they protect sensitive information from competitors and hackers. With the potential for business that these new opportunities present, organizations and users are more involved in accessing more and more disparate resources. With that access comes a greater risk of compromising the security of business information. To overcome these challenges, an effective identity management infrastructure solution becomes essential. Identity management is the only method by which organizations can achieve the levels of integration, security, service, streamlined operationsall at reduced coststhat the virtual enterprise demands.

A typical identity management infrastructure solution would provide the following capabilities as services.

Identity Provisioning Services

Automated identity provisioning (also referred to as User Account Provisioning) and management greatly reduces the time it takes to get users up and running productively, to change their access privileges as their roles change, and to instantly and securely revoke their accounts when their relationships with the company end. Solutions that use role- and rule-based provisioning provide a degree of flexibility in the setting of provisioning rules for users, organizations, resources, roles, or groups. Such solutions ensure that policies are enforced. Finally, a dynamic workflow component supports multistep, complex provisioning and automates the process of making changes in identity data.

Identity Data Synchronization Services

Automatically synchronizing identity data (also referred to as User Account Synchronization) across a wide range of heterogeneous applications, directories, databases, and other data stores will improve operational efficiencies. Automatic synchronization eliminates the need for data to be synchronized manually and ensures data accuracy and consistency across systems.

Access Management Services

To efficiently achieve the levels of security and user service that are necessary, it is critical that an identity management solution secure the delivery of essential identity and application information, enabling single sign-on (SSO). The SSO access to applications and services must provide support for heterogeneous applications, Web services, and resources running on diverse platforms residing locally or across networks.

Federation Services

Identity management federation services incorporate the industry standards (i.e., Liberty) for providing a federated framework and authentication-sharing mechanism that is interoperable with existing enterprise systems. This allows an authenticated identity to be recognized and enables the user associated with that identity to participate in personalized services across multiple domains. Employees, customers, and partners can seamlessly and securely access multiple applications and outsourced services without interruption, which enhances the user experience.

Directory Services

In the quest for secure consolidation of processes and resources, companies are increasingly adopting centralized or decentralized directories to enhance security, improve performance, and enable enterprise-wide integration. The right directory-based solution should deliver benefits above and beyond a basic LDAP directoryexternalizing identity information, making "globally centric" information from key sources of authority, and making relevant information centrally available to both off-the-shelf applications and custom-written corporate applications. An effective directory solution must provide, at a minimum, high performance, security, and availability; full interoperability across other vendor directories; and ease of management and administration.

Auditing and Reporting Services

Comprehensive audit and reporting of user profile data, change history, and user permissions ensure that security risks are detected so that administrators can respond proactively. The ability to review the status of access privileges at any time improves audit performance and helps achieve compliance with governmental mandates. Finally, reporting on items such as usage of self-service password resets and time to provision or de-provision users provides visibility into key operational metrics and possible operational improvements.