Identity management: Is it now or never?

Johannesburg, 04 Oct 2004

As organisations continue to evolve in order to improve their accessibility to customers, partners, vendors, suppliers and employees, they deploy an ever-increasing number of disjointed systems and applications.

Whichever way you look at it, organisations are simply not structured for optimum accessibility. This has led to the deployment of incompatible security models and different auditing mechanisms, increasing the risk of identity theft, unauthorised access and failure to meet regulatory compliance.

To make matters worse, this has fostered identity silos and numerous instances of duplicated effort.

The reality is that if organisations want to leverage the 24x7 availability of the Internet, they have to provide a service that is driven by identity and access management, offering auditable proof that only appropriate access is granted to critical data.

The dimensions

Identity management is not one-dimensional, but comprises multiple and distinct populations of identities. Every type of population requires identity and access management, but has its own requirements.

Employee populations, for example, require a traditional, inward-facing security management solution that includes low-level identity management that focuses on access to physical resources and IT systems, and protects internal systems.

Customer populations, on the other hand, require outward-facing security management that enables secure Web access to customer services. Here, the solution must include high-level identity management, extranet access management, Web services infrastructure and large-scale directories.

Lastly, partner accessibility is driven by cross-organisational transactions. Legal frameworks dictate business-oriented identity and access management, allowing transactions to securely occur between independent identities.

Business-oriented identity and access management supplies a secure Web services infrastructure that addresses issues associated with cross-company authorisation as well as applicable standards such as UDDI, Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML), Web services standard and PKI.

That said, there is still no consensus on the various Web services standards, which often leaves IT managers having to choose between competing standards.

Identity and access management drivers

Taking a step away from the various identities, on-demand computing, also known as utility computing, has increased the need for identity and access management due to its need to provide, provision and secure.

In today's on-demand environment, system management tools monitor the computing capacity of IT environments, realising the "do more with less" approach. However, identity and access management tools must complement system management tools in order to allocate access to new systems and services while installing access controls on system resources.

Another critical issue is that organisations are losing opportunities because they are not able to recognise who they are dealing with.

Again, an effective identity and access management approach will enable companies to fight threats and vulnerabilities such as Web site vandalism, stolen user information, confidentiality breaches and even identity theft.

An ideal identity and access management approach

The ideal identity and access management solution combines provisioning, policy enforcement and end-to-end auditing to ensure that all aspects of the identity lifecycle are securely and efficiently managed, including the impact of identity activity on access to business-critical assets.

The key features needed in an identity and access management solution are:

* Role- and rule-based provisioning of employees, customers and partners;
* Role-based access control for distributed platforms, the Web, Web services and mainframe; and
* Auditing of administration, account activity and access privileges.

Organisations' critical data and processes are more exposed than ever before. The time is now to deploy an identity and access management framework that ensures that access to corporate resources is only granted to authorised users, whether they are employees, customers or partners.

Editorial contacts

Wilhelm Hamman
Computer Associates Africa
(011) 236 9111
Wilhelm.hamman@ca.com