Identity Crisis
Continued
Gilbert says that these HR-based authorization procedures speed up user account access and drive down costs. If an administrator updates a certain attribute of an identity in one system, it will flow to the master identity record, and vice versa. Employee records created in the HR system link to Silicon Image's systems for procurement, expense management, and related applications. "When workers are terminated, we instantly deprovision all of their access privileges," he explains. "The auditors love that this stuff is so consistent."
As part of the implementation, Silicon Image also established a single-password policy and devised a workflow process that automatically provisions users for self-service purchasing and expense reporting. If a user submits a purchase order, an automated workflow application directs the process: acquiring the appropriate signatures and authorizations from the business-process owners and then routing the order through the necessary steps to complete the transaction in a secure, auditable way. "We can show the auditors that all pertinent information is in one place—all of the provisioning, all of the approvals, and all of the policies," says Gilbert. "That's a big advantage for us."
Driven by Efficiency and Control
IDC's Hudson says that most IT organizations are still in the early stages of establishing their IDM foundations. Once they have tackled the key aspects of deploying the technology internally, they commonly offer federated access to customers and partners. This allows external users to securely access internal applications across organizational boundaries.
"Today, the majority of IT enterprises are still dealing with the challenging requirement of deploying security to each device within their organizations, as well as to the policy servers on the back-end systems," Hudson says. "Most people readily see the advantages that an application-centric IDM solution can provide. For example, having a single point of administration and a single point of approval creates genuine efficiencies for users—and makes it easier to comply with demands from auditors."
Driven by ROI
While many companies are deploying IDM in reaction to concerns about security, compliance, or efficiency, Rizvi emphasizes that the software pays off in several ways. Employees are more productive, since they generally gain a more cohesive way to access the information assets of the enterprise and no longer have to manage multiple usernames and passwords. That leaves help desks with fewer tickets associated with insufficient access privileges and password resets. Auditing becomes easier and more sustainable, and the risk of a security breach—and the associated loss of company assets and credibility—is dramatically reduced. Finally, once the IDM software is in place, it's much easier for developers to deploy new systems that leverage a common and comprehensive security infrastructure.
For MphasiS, the ROI stems from the company's ability to offer better customer service. According to Singh, the global solutions provider has been able to meet clients' information security service-level-agreement requirements while at the same time dramatically reducing the average lead time for responding to service requests from 5 days to 15 minutes across 10 different applications. While it's difficult to tie an exact number to these savings, having a smoothly running security operations and consulting practice is invaluable.
At Silicon Image, the payback comes in the form of a more-efficient IT operation. "We've calculated an 80 percent reduction in ticket volume to the IT help desk for provisioning or deprovisioning requests," says Gilbert. "My highly paid analysts are not burdened with the day-to-day chores of user account management. It's now handled by a workflow process that's constant, accurate, and consistent."
For More Information
Oracle Identity Management
David Baum is a freelance writer based in Santa Barbara, California.
