What do you think are the key components of a solid identity management strategy?
It can be done. We've seen this done in the past. It depends on your time horizon. A lot of people have problems with passwords, for example -- too many passwords, and they'll implement a password management system.
It is possible to employ it piecemeal. However, we've seen our customers begin to express interest in pieces of the identity management infrastructure that are working together and can be deployed in a way that enhance each other. What are the most common identity management tools used by IT managers today?
If you look at identity management, there are about 12 to 15 pieces in there. However, the most common one so far has been single sign-on -- within the organization for employees and single sign-on for customers so that they're able to access different business units.
Provisioning is picking up. Provisioning is really about maintaining the lifecycle of user identities, from creating the identity to terminating the identity. It has been going well over the last two to three years, and we expect a significant uptake moving forward. Over the past couple of years, organizations have been working on how to be in compliance with Sarbanes-Oxley and HIPPA [Health Insurance Portability and Accountability Act]. Provisioning
In identity and access management systems, we have to talk about security. Authentication answers who are you, and authorization answers what can you do. The third component of your basic identity management system is audit -- everything that takes place in terms of accessing your application. Every time a profile is changed, it has to be recorded.
Compliance goes hand in hand with auditing. Once the information is logged, we have to ask, 'Do we comply with regulations?'
It's important to understand that when we're talking about identities, we're not necessarily talking about individuals. Anything that can be given an ID we consider an identity that can be managed and audited, regardless of whether that's an individual or a Web service. From an enterprise IT perspective, has identity management technology met expectations or is it just hype?
You know that there's a certain hype curve, but it really depends on what the initial expectations were. In the early days, we started with single sign-on, and it really has met expectations.
It boils down to making sure you understand your exact requirements and you plan for them. You're able to demonstrate success in the initial phase and then you're able to move forward.
We're moving forward knowing what's possible and what's not possible. For the most part it has been very successful, and we've seen it in our customer base.