Identity Crisis

Continued

Driven by Compliance

In a world characterized by strict financial controls and continual oversight by government regulators, public companies need to keep close tabs on who can access their financial systems. In this context, IDM systems are often deployed as preventive solutions. For example, they help address Section 404 of the Sarbanes-Oxley regulations, ensuring that internal controls are in place around who can access which financial reporting applications. IDM systems also generate detailed audit logs to track who is accessing which applications.

For Silicon Image, achieving this level of control was one of the motivating factors for adopting centralized IDM software. The Silicon Valley company, which creates semiconductor solutions for high-definition multimedia and data storage applications, wanted to establish consistent, auditable authorization procedures for all of its users, from data entry clerks to the CEO. "We had a lack of consistency in our password policy across key Sarbanes-Oxley-compliant applications," says Kenny Gilbert, director of technology services at Silicon Image.

As an engineering company, Silicon Image's innovative solutions are driving industry standards for digital content delivery in the consumer electronics and personal computer markets. The company has remained nimble in the face of rapid change. Its IT infrastructure has evolved quickly, leading to multiple usernames, passwords, and access policies for different business applications. "We ended up with people writing passwords on sticky notes, which was a huge compliance issue," Gilbert notes.

Silicon Image selected Oracle Identity Manager because it could handle all of their user access and authorization needs, as well as their Sarbanes-Oxley compliance requirements. According to Gilbert, it began with a desire to automate hiring and termination activities. Previously, the company had several different procedures for granting network and facilities access: one for employees, another for temps, and a third for contractors. "To satisfy Sarbanes-Oxley requirements, we need consistent, orderly, and timely provisioning processes when we hire and terminate personnel," Gilbert says. "In the past, an HR person would notify the IT department about changes in user status via multiple help desk tickets, and too many people had to get involved."

This also yielded conflicting information about an individual's identity, which could vary depending on whether an employee record was pulled up from the intranet portal, Microsoft Exchange, or the HR database. "When an identity is scattered among multiple systems, it's almost impossible to keep it updated," Gilbert explains.

Oracle's Rizvi says that large organizations frequently encounter this issue. One solution is to maintain IDM information in the HRMS. From there, it becomes an integral component of a wider application framework—ultimately taking the form of a business service that is available to many applications. "When identity management is delivered as a service, the user profiles that are created when employees are first entered into the HR system are the same profiles used to create, approve, and enable companywide system credentials," he explains. "Their access privileges are all created as part of a single business process."

Silicon Image is demonstrating the wisdom in this approach. Its HRMS is now the primary data feed for all user identity information, governing access to buildings and networks. The HR application maintains consistency among UNIX LDAP directories, Microsoft Active Directories, and other applications from Oracle and third-party providers. Consequently, whenever the HR department changes the job role or employment status of a user, corresponding changes to accounts and access privileges occur automatically, based on the company's business policies.