IT decision-makers view identity and access management (IAM) as key to increasing enterprise security, managing IT costs and enabling compliance with government regulations.
This is the result of a new research study on IAM, conducted by Unisys at the Digital ID World 2004 conference. IAM is the process of establishing and managing the digital identities that provide secure access to networks, sensitive information and other business resources.
The study, which surveyed C-level executives and IT managers at large US companies, revealed numerous issues surrounding the economics of IAM, as well as budgeting issues and varying speeds of adoption for specific types of IAM solutions being deployed to secure enterprise IT infrastructures and information resources.
Of the respondents, 77% view an effective IAM system as a primary means of protecting against corporate network intrusions resulting from identity theft and other attacks originating either inside or outside the enterprise.
Respondents indicated a prudent hesitation to simply throw money at the security issue. Instead, they expressed a desire to ensure the system delivers a defined economic benefit.
Six out of 10 respondents want an IAM solution that enables them to manage or reduce operational costs, and nearly half view achieving return on investment (ROI) as a key factor in judging the success of their IAM implementation. That concern is even higher among decision-makers from companies with revenues of $3 billion or more - indicating that ROI is even more critical to larger companies with more at stake.
Of the respondents responsible for regulatory compliance, 92% identified IAM as key to their strategy for compliance with rules mandating safeguards for sensitive information. Those include Sarbanes-Oxley (SOX) in corporate governance, the Health Information Portability and Accountability Act (HIPAA) in healthcare, and the Gramm-Leach-Bliley Act (GLBA) in financial services.
The research showed that the higher-ranking the respondent, the more likely they were to rate IAM as "extremely important" for compliance. Of those interviewed, 87% indicated they plan to budget funds for IAM in 2005, with more than 55% increasing their IAM budgets by an average of 19% over 2004. That commitment suggests that IT decision-makers have prioritised IAM as an area for special action.
"This research clearly demonstrates that identity and access management is being viewed by senior IT management as an imperative part of an enterprise business strategy," says Geoff Tuck, regional sales director: GIS, at Unisys in South Africa. "IAM is no longer a nice-to-have, it's a need-to-have for infrastructure security that helps organisations effectively control access to information, manage the user lifecycle, and achieve corporate and legislative compliance."
The survey also examined the adoption and penetration rates of the most commonly used types of IAM solutions, including:
* Single sign-on - the most widely adopted IAM solution - enables a user to access multiple Web applications through a single point of contact without needing to maintain or remember multiple passwords. Even with a high rate of adoption, there is still plenty of opportunity for, and interest in, further deployment. Of respondents, 93% were familiar with single sign-on and 53% have already implemented it, or are in the process of implementation, with another 37% planning to do so in the next one to four years.
* Role-based access control - grants users access privileges according to their function, not their personal identity. Workers are granted only the privileges they need to perform their jobs. This can yield significant improvements in operational efficiency by eliminating the logistical adds, moves and changes that occur when identity is tied to the individual rather than to the functional role. Role-based access control was the next most recognised IAM solution after single sign-on. More than 80% of respondents were familiar with it, with 37% saying they have already implemented or are currently implementing it and 41% planning to implement it within the next four years.
* Federated identity management - enables participating organisations to co-operate in sharing each other's authentication and authorisation services. It is particularly useful for secure information sharing with external partners and suppliers, or among business units in a company. It is the most nascent and currently the least implemented IAM solution: 62% of respondents indicated familiarity with it, but only 19% have implemented it. However, 37% plan to implement a solution within the next four years. The adoption rate for federated identity management could accelerate with the acceptance of a single standard - most likely the emerging Security Assertion Markup Language 2 (SAML 2). Nearly 90% of respondents agreed that the emergence of an accepted standard is an important goal.
The respondents consistently expressed a desire for a strong partner to help them implement IAM solutions. More than 60% said they sought a solutions partner offering maximum flexibility and breadth of solutions, while a similar percentage sought one capable of handling all aspects of the solution - commonly described as design, build and manage.
"In this respect Unisys is such a partner offering proven solutions and methodology," says Tuck. "We have dedicated consulting expertise, end-to-end services delivered with a single point of accountability. Our AIM services can help clients develop the right underlying processes, build a solid IT infrastructure that enables them to more quickly, effectively and securely go about the business of growing their business."
Unisys is a worldwide information technology services and solutions company. Our people combine expertise in consulting, systems integration, outsourcing, infrastructure and server technology with precision thinking and relentless execution to help clients, in more than 100 countries, quickly and efficiently achieve competitive advantage. For more information, visit www.unisys.co.za.