Interview

Taking a piecemeal approach to managing identities

Jennifer Lawinski, News Writer
What do you think are the key components of a solid identity management strategy?
Number one

    Requires Free Membership to View

    Login

It's important to understand that when we're talking about identities, we're not necessarily talking about individuals.

Vadim Lander, chief identity architect,

Computer Associates

,
is planning. Depending on who you ask, identity management is oftentimes misunderstood, and sometimes planning goes way beyond what's really necessary. It's very important to budget and understand … depending on what specific points you're trying to address. You have to be very careful in terms of your initial rollout in terms of meeting organizational expectations. What type of business it is will determine the priorities. Can IT managers take a piecemeal approach to identity management and integrate a single management tool at a time? What should they start with in such an approach?
It can be done. We've seen this done in the past. It depends on your time horizon. A lot of people have problems with passwords, for example -- too many passwords, and they'll implement a password management system.

It is possible to employ it piecemeal. However, we've seen our customers begin to express interest in pieces of the identity management infrastructure that are working together and can be deployed in a way that enhance each other. What are the most common identity management tools used by IT managers today?
If you look at identity management, there are about 12 to 15 pieces in there. However, the most common one so far has been single sign-on -- within the organization for employees and single sign-on for customers so that they're able to access different business units.

Provisioning is picking up. Provisioning is really about maintaining the lifecycle of user identities, from creating the identity to terminating the identity. It has been going well over the last two to three years, and we expect a significant uptake moving forward. Over the past couple of years, organizations have been working on how to be in compliance with Sarbanes-Oxley and HIPPA [Health Insurance Portability and Accountability Act]. Provisioning

For more information

Expert advice: How to manage multiple unique passwords

 

Expert advice: Changing usernames/IDs
is a perfect tool to help automate compliance. What do you think will be included in access management systems in the future?
In identity and access management systems, we have to talk about security. Authentication answers who are you, and authorization answers what can you do. The third component of your basic identity management system is audit -- everything that takes place in terms of accessing your application. Every time a profile is changed, it has to be recorded.

Compliance goes hand in hand with auditing. Once the information is logged, we have to ask, 'Do we comply with regulations?'

It's important to understand that when we're talking about identities, we're not necessarily talking about individuals. Anything that can be given an ID we consider an identity that can be managed and audited, regardless of whether that's an individual or a Web service. From an enterprise IT perspective, has identity management technology met expectations or is it just hype?
You know that there's a certain hype curve, but it really depends on what the initial expectations were. In the early days, we started with single sign-on, and it really has met expectations.

It boils down to making sure you understand your exact requirements and you plan for them. You're able to demonstrate success in the initial phase and then you're able to move forward.

We're moving forward knowing what's possible and what's not possible. For the most part it has been very successful, and we've seen it in our customer base.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top