FINANCIAL SERVICES INDUSTRY UPDATE

Identity Management Secures Bottom Line Benefits for Customers

By Alan Joch

Many companies intuitively understand that identity management (IdM) is key to keeping enterprises secure and helping ease the burden of regulatory compliance. But there's another important benefit that speaks to the needs of every conscientious organization: It helps the bottom line.

The right IdM strategy and technologies can help enterprises save millions of dollars a year through greater worker productivity and reduced IT administrative expenses.

Studies have determined that enterprises can save hundreds of dollars per employee per year in reduced help desk calls from SSO and self-service passwords. In addition, business researcher Burton Group estimates that companies can see productivity gains of $1,250 annually per user from automated provisioning of security rights.

The first step may require a change in thinking about old and new security models. In the past, security best practices centered around erecting firewalls to electronically stonewall unauthorized outsiders from reaching company applications and data. The e-business age changes this somewhat inflexible approach as financial services firms actually encourage partners and customers to tap into internal resources, but in a precise way that requires a reliable series of authorizations based on each individual's roles and responsibilities.

At the heart of that precision is a centralized system for recognizing individuals by their security profiles and flexibly adding to or cutting back on their access rights as conditions change. Centralization also reduces the time administrators devote to tracking and auditing the access histories of individual workers, a necessary task for achieving the requirements of a growing number of government and financial services industry regulations.

By breaking down the silos of the individually managed security policies associated with each enterprise application, the centralized identity and access approach also opens cost saving efficiencies. Security and IT administrators spend less time managing the overhead that comes when workers must remember handfuls of passwords for various enterprise resources.

For example, single sign-on (SSO) capabilities within an IdM framework let workers connect to a variety of internal applications or to information available on portal networks by using a single password, not one for each resource. How economically significant is this? One Oracle customer reports that SSO cut $4 million in administrative overhead costs associated with password administration for its 130,000 employees.

Additional automation becomes possible when IdM systems provide automated workflow capabilities that turn traditionally manual access and authorization approvals into electronic processes that efficiently route signoffs to each necessary party.

IT departments also benefit from centralized IdM with the ability to uniformly apply existing security policies whenever it launches new applications. Gone are the days of hard wiring security policies separately into new programs. This approach also easily accommodates service-oriented architectures by assuring that access rights control who can use each Web service.

One large Oracle IdM user reports $1.2 million in monthly cost savings from reduced identity management administration chores, made possible with centralized IdM. In addition, the firm created close links between employees and a Web portal that provides technical data from a partner—without forcing IT managers to monitor separate security profiles.

One new technology area that promises significant returns is virtual directories, which combine data in real time from multiple user data stores and directories to provide a single LDAP-based interface to applications. Typically organizations evolve to contain multiple user directories, whether due to organizational boundaries or mergers and acquisitions. The challenge arises when trying to deploy an enterprisewide application such as a portal or ERP application that requires a single LDAP-based directory. Virtual directories solve this problem by integrating data on the fly, eliminating the need to synchronize and consolidate multiple directories.

It's another sign that the right IdM solution makes financial as well as security sense.

Alan Joch is an independent writer focusing on business and technology.

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Oracle, JD Edwards, PeopleSoft, and Siebel are registered trademarks of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.