Tweet

3 Reasons Identity Management is a “MUST”… and strategies to make it affordable

Written by: Marc Potter

Article Overview: Identity Management for companies with employees that have access to critical data is a MUST. Over the years I have had the privilege to work with many companies large and small, who have different business needs. In many cases I hear all the reasons, (and sometimes excuses) for not implementing a solution, policy or methodology. Sometimes these reasons even make perfect sense! In making any business decision, the choice to do, or not do anything is weighed by what I call the “risk vs. reward scale”. The article gives three basic reasons Identity Management is a MUST

3 Reasons Identity Management is a “MUST”… and strategies to make it affordable



Let me be clear about what I’m saying. Identity Management for companies with employees that have access to critical data is aMUST, not a want. Over the years I have had the privilege to work with many companies large and small, who have different business needs. In many cases I hear all the reasons, (and sometimes excuses) for not implementing a solution, policy or methodology. Sometimes these reasons even make perfect sense! In making any business decision, the choice to do, or not do anything is weighed by what I call the “risk vs. reward scale”. Regarding Identity Management (IDM), if you have employees with access to critical business information, you MUST put at least basic IDM in place!

So what is Identity Management? Bill Brant, CEO ofDirectory Services, Inc.says “IDM is the technological automation and enforcement of business policies and processes to manage the lifecycle of electronic credentials, entitlements authorization and compliance mandates.” If you are in management like me, let me translate in English. IDM automates your logins so your company is secure, and you don’t lose millions of dollars, PLUS it increases productivity so you can make millions of dollars. The following are my top three reasons IDM is a must, not a want.

Reason One (1): Provision of new employee credentials

Companies that do not have Identity Management spend days to weeks to properly provision a new employee, and with a high probability of improper provisions. The popular method used to accomplish this task is a simple email request.

Typical email thread:

HR to IT Admin: “Jack is starting today with us, can you get him a login?”

IT Admin to HR: Sure what does he need?

HR to IT Admin:“He is working in Sales, ask his supervisor.”

IT Admin to Supervisor: “Jack is starting today, and I need to get him a login, what accesses does he need?”

Supervisor to IT Admin: “I don’t know, how about just copy the access rights from Jill, she’s been here a while, so whatever she has must be right?

Risk to the company: Jill was the Engineering Manager and Marketing Supervisor before becoming the top sales person in the company. Each new position gave her role specific rights that were never properly taken away as she changed roles. Now she is being used as the “template” for user rights to new hires. Jack the new hire, just gained access to engineering blueprints, and new “go to market” strategies. In addition, the back and forth emailing took two weeks because the supervisor was on vacation. Adding a face slap to a poke in the eye, Jack the “new hire” is still being paid even though he had no access to do his job. Sound familiar?

IDM to the rescue: A company with IDM could implement automated provisioning of credentials by role. A company would define the accesses any given role can have, and further, lock out accesses for roles they should not have i.e. the janitor does not need access to the accounting system. The IDM system’s automatic provisioning process tool performed this task in seconds, and Jack was properly provisioned before he sat at his new desk.

Reason Two (2): Deprovisioning of terminated employee credentials.

In a company without Identity Management the same situation occurs as in the scenario above, but with more immediate consequences. The popular method of conducting deprovisioning of credentials in a company without Identity management is by way of a simple email request.

Typical email thread:

Supervisor to HR:“Jack has been terminated immediately for bad attendance. Please put all the termination protocols in place. He has been removed from the facility, but he did not have his badge with him.”

HR to Supervisor: “Out of Office Reply” I’m sorry, but I’m out of the office the next two weeks on my honeymoon. I my absence please contact the supervisor”.

Supervisor to Manager: “I just fired Jack, and need the termination protocols, but HR is out of the office, what now”?

Manager to Supervisor: “Who is her Backup in HR?”

Supervisor to Manager: “I am, but I don’t know the protocol.”

Manager to HR: “when you get back from your honeymoon, please terminate the supervisor, he hired Jack who we think may have stole engineering plans and sold our marketing plan to the competition after he was terminated because he still had his accesses for the last two weeks! Of course we cannot prove it.”(side note to reader Yes IDM applies here too for compliance and auditing, but that is another article… Marc).

Manager to CEO: “I have no idea how our engineering blueprints and our marketing plan got into the hands of our competition?” It must have been Jill, she has rights to both of those areas. By the way, I’m hearing our client list is being aggressively called by our competition as well. It couldn’t have been Jack, he’s been fired for weeks now.”

Ok obviously I was on a little bit of a roll there with the Manager reply, but I think you get the picture.

IDM to the rescue: A company with IDM could implement automated deprovisioning of credentials by Identity. In this scenario, Jack could have been deprovisioned before he was even out the door. If he tried to access his client database from home, he would have been locked out.

Reason Three (3): Identity Synchronization and Password management

Did you ever think that 3M would produce the world’s largest and most used Identity Management and password vault tool! It is true! Its call the “Post-IT” note, and it can cost you millions.

Some people may get basic Directory Services and Identity Management confused. Directory Services are a key part of IDM because this is where the Identities are managed. For example, Active Directory, eDirectory, LDAP, are all network directory services. What about your applications that maintain their own “directory service database? This may be your custom built Inventory application, or ERP system for example. How do you get these systems to talk? If you do not have Identity management, you create separate login credentials for each sub system, and have your end users become the (Identity Management). This becomes the Identity Management by “Post-IT” note that was mentioned earlier.

IDM to the rescue: With IDM, companies can synchronize their user passwords between directories and application directory databases giving your end users a single password to manage for all systems. The next step would be to implement SSO, or single sign on, which automatically uses a single login event to sign into multiple databases eliminating the need to manually login to multiple systems many times. I stop short of saying SSO is a “MUST” for all businesses, but it sure is up on the list of “should haves”. I reserve the right to be on the fence on the “SSO vs. Identity sync only” discussion depending on the client needs.

Password management is bundled into this category, but I could add this to the list on its own. Some may argue that this is not IDM because it is a directory service component, but I believe it is a component of IDM, so take it for what it is worth. Password management in this scenario would be more than just enforcing strong password policies; it would include “self service password” assistance using challenge response questions and secure authentication methods like multi factor authentication and one time passwords.

Strategies that make it affordable:

There are many different products out there that can facilitate Identity Management and Access Controls. Some of the best are made byNovell, Sun, Oracle and IBMRecently, the Identity Management space has become somewhat commoditized in what I would call the “basic IDM” space. This would be the space I touched on today, with provisioning / deprovisioning, password management, and synchronization of identities. Some of this functionality is being built into the OS and Directory Services of some vendor products from Novell and Microsoft. Novell has Domain Services for Windows, eDirectory, and the IDM bundle edition that ships with Novell Open Enterprise Server 2 (OES2). Most major directory services vendors have free self service password management tools available for eDirectory, Active Directory, Sun Directory Server etc). New companies are building targeted IDM solutions based on open source like,GreyTowerfrom Directory Services, Inc., and Sun. These solutions can be implemented without licensing costs, but also sell support and maintenance if you need it.

Take the first steps. Contact your trusted Identity Management advisor and discuss your options. Make sure they are not tied to any single vendor or you will get a single option presented that may not fit your business. Remember, IDM is a MUST!

Related Articles
  Image Versus Identity
  Ways to Design Business Cards
  An Identity Theft Call Center - A Necessity In Today's Information Age
  Everything You Do
  POSITIVE IDENTITY

Article Tags: automat, bill brant, business decision, business policies, critical business, critical data, directory services, electronic credentials, idm, lifecycle, management bill, perfect sense, privilege, sans serif font, size 9, size medium, span style, style font, style text, text decoration



Related Forum Posts
No B.S. Time Management - A great book I read on Time Management is No B.S. Time Management for Entrepreneurs by Dan Kennedy.
Anyone know a reputable link building company? - Hi forum members, I am thinking of hiring a SEO company to do some link building for our company. I have been very cautious in my link building strategies up until now but no longer have the time to focus on it. My fear is in hiring some company that will build links unethically, or even worse, in some manner that will look bad on our company. Has anyone used any ethical and affordable link building services and did it help your business? Thanks
HRPreneur - Hi everyone, I am new to the forum and I recently started my own Human Capital (HR) consulting firm called HRPreneur Inc. HRP focuses on making human capital a strategic differentiator for SME's. Below is a summary about HRP; Who We Are: HRP is a Human Capital consulting firm with 30 years of experience that becomes an extension of your company by providing a full array of services to help you create a highly engaged workforce focused on achieving strategic results in order to build a long lasting great company! Mission: HRP provides small and medium sized businesses a Strategic HR Business Partner to increase employee engagement, resulting in cost savings, increased productivity and results at an affordable rate! Vision: To inspire and warrant SME's reach their full competency! Cost Effectiveness: We provide over 30 years of experience at a fraction of the cost at a strategic executive HR business level You will save between 50% to 60% in costs per year on salary, bonus, benefits, training, office space alone We will provide you additional cost efficiencies through our services Services: • Strategic Human Resources Planning • Organizational Redesign • Change Management • Organizational Culture Development • Employee Engagement Programs • Leadership Assessment and Development • Compensation Design • Talent Acquisition • Assimilation and On-Boarding • Performance Management • Talent Management & Succession Planning • Human Resources Due Diligence • Human Resources Audit • Full Service HR Outsourcing
Re: 10 Reasons Who Startups Fail & Book Recommendations - Great post,but please edit the headline. I presume it is "10 Reasons Why Startups Fail & Book Recommendation
Re: Making Money in 2011 - My goals in 2011 is to make obviously more money from google adsense and make more sales for the affiliate products I am currently promoting plus learn more internet marketing strategies for the success of my online business.


Share this article with your friends. Fund someone's dream.

Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.

Tweet

Newsletter

Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!

Name:
Email:

Popular Articles

You Have A Website What Now

Steps For Starting A Small Business

Designing Employee-Enhancing Training Programs

Suggestions

Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.