Oracle: Financial Services Industry Update



Nine Keys to Unlocking Strong Identity Management Technology

By Alan Joch

Done right, identity management (IdM) can be the security glue that helps financial services firms thwart fraud and identity theft. But with all the claims and counterclaims about what's important in an IdM framework, finding the right solution can be daunting. To help financial services companies in their search, experts advise decision makers to focus on nine key areas.

1. Centralized Administration: IdM systems should provide a central management console for administering security settings and access policies. Without central control, managers waste time and risk inaccuracies as they try to administer security authorizations across applications and data sources. Centralization also helps managers uniformly apply changes as security policies and procedures evolve. Finally, centralized administration enables large cost savings through automating password resets and delegating administration to business owners.

2. Single Sign-On (SSO): Rather than forcing users to authenticate separately before using each application or data resource, SSO lets workers establish their security profile once and then gain access to all authorized areas. Because users need to remember only one username and password, SSO reduces the potential for lost or stolen security codes.

3. User Provisioning: For many organizations, creating accounts for new users is a manual process driven by e-mail that can take several days to implement and is prone to error. Even scarier, access for users who have left or changed roles is often not revoked, inviting undetected security breaches.

IdM solutions can automate both user provisioning and deprovisioning and integrate them with a company's HR system. This ensures that new employees are automatically provisioned for the appropriate systems based on their role, and terminated users are immediately deprovisioned.

4. Federation: The rise of Web-based business processes means B2B activities frequently cross over to partners via Web sites, portals, and extranets. Strict security and regulatory-compliance policies must still apply to these "beyond the firewall" applications. Look for IdM systems that support key federation standards, including Liberty Alliance protocols, the Security Assertion Markup Language (SAML), and Web Services Federation (WS-Federation).

5. Auditing: To ensure that security best practices are being followed and to provide reports necessary for regulatory compliance, the IdM framework should include auditing tools that keep ongoing records about individuals and their access, as well as histories of who accessed what resources. Today's regulations often stipulate that companies certify access histories over regular three- to six-month periods.

6. Comprehensive Suites: IdM solutions should address a wide range of security issues, including SSO, identity provisioning, identity administration, federation, directory services including virtual directories, and Web services security. Organizations are bound to need most of this functionality at one point or another. A vendor that offers best-of-breed functionality across all these areas is most likely to be your best technology partner both today and tomorrow.

7. Integration: The best IdM solutions apply corporate security policies within business applications, database management systems, application servers, and Web servers. Integration should extend not only across the products sold by the IdM framework's vendor but also to any third-party technologies vital to the organization.

In addition, the IdM framework should offer APIs (application programming interfaces) for easy integration with commercial identity-profile directories and management and provisioning tools used by the enterprise.

8. Open Standards Support: Standards are important for IdM system flexibility today and into the future. Accordingly, the identity directory should support the widely used Lightweight Directory Access Protocol (LDAP) internet standard for managing profiles and privileges. Similarly, standards such as SAML 2.0 and Liberty Alliance protocols play a key role in SSO and federation. Other noteworthy standards are XACML, SPML, and Kerberos.

In addition, Web services standards around identity and security are becoming increasingly important as enterprises continue to adopt secure service-oriented architectures. Web Services Security (WS-Security) is one such effort, which manages data integrity, confidentiality, and authentication in Web services.

9. Roadmap: Evaluate each vendor's future plans to provide a single source for enterprisewide user security provisioning, authentications, profile directories, Web access and services administration, reports, and PKI management.

For example, Oracle's Fusion Middleware provides an integrated suite of IdM capabilities that in the near future will weave security into enterprise applications—applications will be identity-aware out of the box and able to plug directly into an existing IdM framework.

Alan Joch is an independent writer focusing on business and technology.




Copyright © 2006, Oracle. All rights reserved.

May 2006
A quarterly e-newsletter for enterprises that use applications for the Financial Services industry.

