
Taking a piecemeal approach to managing identities

When it acquired Waltham, Mass.-based Netegrity Inc., Computer Associates International Inc. announced that it was bringing along some of the identity and access management company's key players. One of them was Vadim Lander, Netegrity's former chief technology officer, who will now serve as CA's chief identity architect. Lander recently spoke with about the future of identity management and how the technology is being deployed in the enterprise.

What do you think are the key components of a solid identity management strategy?
Number one is planning. Depending on who you ask, identity management is oftentimes misunderstood, and sometimes planning goes way beyond what's really necessary. It's very important to budget and understand … depending on what specific points you're trying to address. You have to be very careful in terms of your initial rollout in terms of meeting organizational expectations. What type of business it is will determine the priorities.

Can IT managers take a piecemeal approach to identity management and integrate a single management tool at a time? What should they start with in such an approach?
It can be done. We've seen this done in the past. It depends on your time horizon. A lot of people have problems with passwords, for example -- too many passwords, and they'll implement a password management system.

It is possible to employ it piecemeal. However, we've seen our customers begin to express interest in pieces of the identity management infrastructure that are working together and can be deployed in a way that enhance each other.

What are the most common identity management tools used by IT managers today?
If you look at identity management, there are about 12 to 15 pieces in there. However, the most common one so far has been single sign-on -- within the organization for employees and single sign-on for customers so that they're able to access different business units.

Provisioning is picking up. Provisioning is really about maintaining the lifecycle of user identities, from creating the identity to terminating the identity. It has been going well over the last two to three years, and we expect a significant uptake moving forward. Over the past couple of years, organizations have been working on how to be in compliance with Sarbanes-Oxley and HIPAA [Health Insurance Portability and Accountability Act]. Provisioning is a perfect tool to help automate compliance.

What do you think will be included in access management systems in the future?
In identity and access management systems, we have to talk about security. Authentication answers who are you, and authorization answers what can you do. The third component of your basic identity management system is audit -- everything that takes place in terms of accessing your application. Every time a profile is changed, it has to be recorded.

Compliance goes hand in hand with auditing. Once the information is logged, we have to ask, 'Do we comply with regulations?'

It's important to understand that when we're talking about identities, we're not necessarily talking about individuals. Anything that can be given an ID we consider an identity that can be managed and audited, regardless of whether that's an individual or a Web service.

From an enterprise IT perspective, has identity management technology met expectations or is it just hype?
You know that there's a certain hype curve, but it really depends on what the initial expectations were. In the early days, we started with single sign-on, and it really has met expectations.

It boils down to making sure you understand your exact requirements and you plan for them. You're able to demonstrate success in the initial phase and then you're able to move forward.

We're moving forward knowing what's possible and what's not possible. For the most part it has been very successful, and we've seen it in our customer base.
