3 Reasons Identity Management is a “MUST”… and strategies to make it affordable
Written by: Marc Potter
Article Overview: Identity Management for companies with employees that have access to critical data is a MUST. Over the years I have had the privilege to work with many companies, large and small, who have different business needs. In many cases I hear all the reasons (and sometimes excuses) for not implementing a solution, policy or methodology. Sometimes these reasons even make perfect sense! In making any business decision, the choice to do, or not do, anything is weighed by what I call the “risk vs. reward scale”. The article gives three basic reasons Identity Management is a MUST.
Let me be clear about
what I’m saying. Identity Management for companies with employees that have
access to critical data is a MUST, not a want. Over the years
I have had the privilege to work with many companies, large and small, who have
different business needs. In many cases I hear all the reasons (and
sometimes excuses) for not implementing a solution, policy or methodology. Sometimes
these reasons even make perfect sense! In making any business decision,
the choice to do, or not do, anything is weighed by what I call the “risk vs.
reward scale”. Regarding Identity Management (IDM), if you have employees
with access to critical business information, you MUST put at least basic IDM
in place!
So what is Identity
Management? Bill Brant, CEO of Directory Services, Inc., says “IDM is
the technological automation and enforcement of business policies and processes
to manage the lifecycle of electronic credentials, entitlements authorization
and compliance mandates.” If you are in management like me, let me
translate into English. IDM automates your logins so your company is secure, and
you don’t lose millions of dollars, PLUS it increases productivity so you can
make millions of dollars. The following are my top three reasons IDM is a must,
not a want.
Reason One (1): Provision of new employee credentials
Companies that do not
have Identity Management spend days to weeks properly provisioning a new
employee, with a high probability of improper provisioning. The popular
method used to accomplish this task is a simple email request.
Typical email thread:
HR to IT Admin: “Jack is starting today with us, can you get him a login?”
IT Admin to HR: “Sure, what does he need?”
HR to IT Admin: “He is working in Sales, ask his supervisor.”
IT Admin to Supervisor: “Jack is starting today, and I need to get him a login, what
accesses does he need?”
Supervisor to IT Admin: “I don’t know, how about just copy the access rights from Jill, she’s
been here a while, so whatever she has must be right?”
Risk to the company:
Jill was the Engineering Manager and Marketing Supervisor before becoming
the top salesperson in the company. Each new position gave her role-specific
rights that were never properly taken away as she changed roles.
Now she is being used as the “template” for the user rights of new hires.
Jack, the new hire, just gained access to engineering blueprints and new “go to
market” strategies. In addition, the back and forth emailing took two weeks because
the supervisor was on vacation. Adding a face slap to a poke in the eye,
Jack the “new hire” was still being paid even though he had no access to do his
job. Sound familiar?
IDM to the rescue:
A company with IDM could implement automated provisioning of credentials by
role. The company would define the accesses any given role can have and,
further, lock out the accesses a role should not have, e.g. the janitor does
not need access to the accounting system. The IDM system’s automatic
provisioning tool would perform this task in seconds, and Jack would be properly
provisioned before he sat down at his new desk.
Reason Two (2): Deprovisioning of terminated employee credentials
In a company without
Identity Management the same situation occurs as in the scenario above, but
with more immediate consequences. The popular method of conducting
deprovisioning of credentials in a company without Identity Management is by
way of a simple email request.
Typical email thread:
Supervisor to HR: “Jack has been terminated immediately for bad attendance. Please put
all the termination protocols in place. He has been removed from the facility,
but he did not have his badge with him.”
HR to Supervisor: “Out of Office Reply: I’m sorry, but I’m out of the office for the next
two weeks on my honeymoon. In my absence please contact the supervisor.”
Supervisor to Manager: “I just fired Jack, and need the termination protocols, but HR is
out of the office, what now?”
Manager to Supervisor: “Who is her backup in HR?”
Supervisor to Manager: “I am, but I don’t know the protocol.”
Manager to HR: “When you get back from your honeymoon, please terminate the supervisor, he
hired Jack, who we think may have stolen engineering plans and sold our marketing
plan to the competition after he was terminated, because he still had his
accesses for the last two weeks! Of course we cannot prove it.” (Side note
to reader: Yes, IDM applies here too for compliance and auditing, but that is
another article… Marc).
Manager to CEO: “I have no idea how our engineering blueprints and our marketing plan got
into the hands of our competition? It must have been Jill, she has
rights to both of those areas. By the way, I’m hearing our client list is being
aggressively called by our competition as well. It couldn’t have been Jack,
he’s been fired for weeks now.”
OK, obviously I was on
a little bit of a roll there with the Manager reply, but I think you get the
picture.
IDM to the rescue: A
company with IDM could implement automated deprovisioning of credentials by
Identity. In this scenario, Jack could have been deprovisioned before he
was even out the door. If he tried to access his client database from
home, he would have been locked out.
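
The role-based provisioning from Reason One and the deprovisioning by identity from Reason Two, as an added Python example that is not part of the original article. The role names, entitlement strings and the in-memory `Directory` class are assumptions made for illustration; it contrasts the "copy Jill" request with a grant driven by the role definition, then terminates the account.

```python
# Added example; role names, entitlement strings and the in-memory
# directory are constructed for illustration, not taken from any IDM product.
ROLE_ENTITLEMENTS = {
    "engineering_manager": {"email", "eng:blueprints"},
    "marketing_supervisor": {"email", "mkt:go_to_market"},
    "sales": {"email", "crm:clients"},
}

class Directory:
    def __init__(self):
        self.roles = {}        # user -> current role
        self.grants = {}       # user -> set of entitlements held
        self.disabled = set()  # identities that may no longer log in

    def copy_from(self, user, template_user, role):
        """The email-thread shortcut: clone another user's rights."""
        self.roles[user] = role
        self.grants[user] = set(self.grants[template_user])

    def provision(self, user, role):
        """Grant exactly what the role defines (new hire or role change)."""
        self.roles[user] = role
        self.grants[user] = set(ROLE_ENTITLEMENTS[role])

    def excess(self, user):
        """Entitlements held beyond what the user's current role allows."""
        return self.grants[user] - ROLE_ENTITLEMENTS[self.roles[user]]

    def deprovision(self, user):
        """Disable the identity and revoke every entitlement in one step."""
        self.disabled.add(user)
        self.grants[user] = set()

    def can_access(self, user, entitlement):
        held = self.grants.get(user, set())
        return user not in self.disabled and entitlement in held

def demo():
    d = Directory()
    # Jill without IDM: rights from three past roles were never removed.
    d.roles["jill"] = "sales"
    d.grants["jill"] = set().union(*ROLE_ENTITLEMENTS.values())
    d.copy_from("jack", "jill", "sales")   # "just copy Jill"
    copied = d.excess("jack")              # what Jack should not have
    d.provision("jack", "sales")           # role-based provisioning
    clean = d.excess("jack")
    d.deprovision("jack")                  # termination
    return copied, clean, d.can_access("jack", "crm:clients")
```

Running `excess()` over every account on a schedule is the same check applied as an audit: any non-empty result is a right that outlived the role it was granted for.
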
Reason Three (3): Identity Synchronization and Password Management
Did you ever think
that 3M would produce the world’s largest and most used Identity Management and
password vault tool? It is true! It’s called the “Post-it” note, and it can cost
you millions.
Some people may get
basic Directory Services and Identity Management confused. Directory Services
are a key part of IDM because this is where the identities are managed. For
example, Active Directory, eDirectory and LDAP are all network directory
services. What about your applications that maintain their own “directory
service” database? This may be your custom-built inventory application or ERP
system, for example. How do you get these systems to talk? If you do
not have Identity Management, you create separate login credentials for each
subsystem, and have your end users become the Identity Management.
This becomes the Identity Management by “Post-it” note that was mentioned
earlier.
IDM to the rescue:
With IDM, companies can synchronize their user passwords between directories
and application directory databases, giving end users a single password to
manage for all systems. The next step would be to implement SSO, or
single sign-on, which uses a single login event to sign into
multiple databases automatically, eliminating the need to log in manually to
multiple systems many times. I stop short of saying SSO is a “MUST” for all businesses, but it
sure is up on the list of “should haves”. I reserve the right to be on
the fence on the “SSO vs. Identity sync only” discussion depending on the
client's needs.
Password management is
bundled into this category, but I could add it to the list on its own.
Some may argue that this is not IDM because it is a directory service
component, but I believe it is a component of IDM, so take it for what it is
worth. Password management in this scenario would be more than just
enforcing strong password policies; it would include “self-service password”
assistance using challenge-response questions and secure authentication methods
like multi-factor authentication and one-time passwords.
Strategies that make it affordable:
There are many
different products out there that can facilitate Identity Management and Access
Controls. Some of the best are made by Novell, Sun, Oracle and
IBM. Recently, the Identity Management space has become somewhat
commoditized in what I would call the “basic IDM” space. This would be the
space I touched on today, with provisioning / deprovisioning, password
management, and synchronization of identities. Some of this functionality is
being built into the OS and Directory Services of some vendor products from
Novell and Microsoft. Novell has Domain Services for Windows, eDirectory,
and the IDM bundle edition that ships with Novell Open Enterprise Server 2
(OES2). Most major directory services vendors have free self-service
password management tools available (for eDirectory, Active Directory, Sun
Directory Server, etc.). New companies are building targeted IDM solutions
based on open source, like GreyTower from Directory Services, Inc., and
Sun. These solutions can be implemented without licensing costs, and the vendors
also sell support and maintenance if you need it.
Take the first steps.
Contact your trusted Identity Management advisor and discuss your options. Make
sure they are not tied to any single vendor or you will get a single option
presented that may not fit your business. Remember, IDM is a MUST!
About the Author: Marc R. Potter, CEO, Verologix, LLC and Vice President, Business Development, Directory Services, Inc. An industry expert, Marc has been cited in several national publications including Ingram Micro Channel Advisor and Information Week. He has been invited to speak at industry events on messaging and collaboration strategies for security, compliance and e-discovery. Potter's extensive experience, leadership qualities, and employee empowerment approach have delivered an impressive history of leadership achievements. A former professional musician (guitar player) and music lover, Potter spends much of his time working on new innovative business ideas and building his business ventures into the premier IT innovators in the world. Most recently, Marc has been working with industry innovator Directory Services, Inc. to make new industry advances in Identity Management and Access Control solutions. Potter is a University of Phoenix alumnus, graduating with a BS in Business Administration. Marc Potter resides in Arizona with his wife Lisa.