While the introduction of these new systems has helped enterprises manage their growing customer base, supply chain, human resources, finances and corporate knowledge, companies are now being faced with new challenges. The primary challenge is how to cost-effectively integrate and maintain these increasing information systems across a growing number of business units, networks and platforms. Further, as corporate information systems become more distributed and interdependent with partners and business associates, it creates a bigger problem of maintaining security while allowing increased access to sensitive information.
Who do you trust?
Everyone needs access, be it employees, partners, customers and others upon whom the e-business depends. Providing this access is the very basis of e-business. In order to offer the highest standards of services and convenience, businesses must provide their customers with secure access
The major stumbling blocks here are identity management and access control. Studies have shown that most of the time businesses fail to gather necessary security requirements, and often there's a gap between strategy and execution.
Identity management, the term understood and adopted differently by many organizations, has resulted in confusion about what constitutes identity management and its relevance in corporate IT security infrastructure.
For corporate IT users, identity works as a key to accessing different IT services in the organization and helps them to be effective. In relation to information security, identity is viewed as an asset that needs protection and works as a resource that enables protection of other information resources. According to Meta Group, identity management is best defined as "those IT and business processes, organizations, and technologies that are applied to ensure the integrity and privacy of identity and how it translates to access." This results in its effective use as a crucial element of IT security infrastructure. Identity is a critical element of an organization's IT infrastructure. Be it operating systems, networks, databases or application environments, every system needs a unique identifier. This is primarily achieved using user IDs or system IDs. In a distributed environment, this identity creation may span several systems, creating a problem of multiple user identities because every system has its own way of identity implementation. Identity management is not a single approach solution, but rather a framework of business processes and technologies.
In part two of this series, I'll address the components of identity management, how they work, and how they are best implemented.
This was first published in May 2004