HVL/Nulli Secundus 2001

Identity Management

Guy Huntington, President HVL

Derek Small, President Nulli Secundus

Why Bother?

• Identity management leads to significantly reduced costs, improved service, increased productivity and competitive advantages over competitors

• E-business requires a high degree of system integration

• Identity management is the place to start in rethinking system workflows

Identity Management

• Identity Management is the secure process of defining, creating, handling, updating and archiving core information about an individual

Core Information

• Core information includes such basics as name (first, last, full name, common name), identification number(s), contact information, and any other information about an individual that the enterprise deems important to securely gather, store, monitor and exchange, in part, between systems

But We Already Do That!

• You’re right…you do it potentially hundreds of different ways and that’s where the problems and opportunities are

• The ERP, HRIS, financials, payroll, data warehouses, CRM, marketing, sales, manufacturing, security, network, portals, contact management, e-mail, facilities and all your other 100-200 systems create, store, handle, archive and secure identities their own way

Identity Universes

• Each application has a system of managing identities that lacked identity standards when it was built

• From an identity management perspective, each system in effect views itself as if the other systems don’t exist

• You might be surprised how much this approach is costing you in productivity, maintenance costs and competitive advantage

Look-Ups & Org Charts

• Companies like Cisco and others have calculated the cost to their company in finding out who people are in the organization, their reporting structure and how to contact them

• The costs with their old legacy systems are in the tens of millions of dollars each year

Look-Ups & Org Charts

• Not being able to find people instantly causes an even bigger hit in overall productivity

• Too much time is spent on trying to find information and people rather than dealing with the core tasks pertinent to achieving corporate goals

New Hires

• Poor identity management for the new hire process is another big financial and productivity hit in corporations

• Often the new hire may take weeks and even months to get finished with all the 100-200 business system registrations

New Hires

• What is the cost to your corporation for every day, week and month of lost productivity for new hires?

• The costs can easily be millions or tens of millions of dollars annually

Competitive Advantage

• In the world of internet time, integrating systems internally, between you and your partners and with the internet for your customers is imperative

• The cost you pay for poor, slow and expensive identity information transfer between your systems is a competitive disadvantage against competitors who have figured out that a modern identity management strategy makes money

Competitive Advantage

• By instantly synchronizing all your identity systems, you can consider new forms of doing business with your customers

• Offer new identity based services from your back-office systems to improve service

• Integrated, nimble identity systems mean fast response to market changes

• Provides greater control in assuring customers that their information is secure

Security

• In e-business, the lack of coordinated identity systems often leads to security lapses

– Time lapse

– Information continuity

• Customer, employee or business partner identity information may be placed at risk or inadvertently given out

Security

• The response time to making an identity change creates security breaches

– A consultant leaving a company may still remain for some time with network, application and even authorization privileges

– A customer requesting their information be kept confidential may find themselves still on mailing, distribution and publicly available access lists for months after making the request

– Companies may have trouble ensuring employee home numbers/social security IDs are not given out and are properly secured
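The departing-consultant case above can be measured by reconciling each system's accounts against the authoritative source. The following is an added example, not part of the original presentation; the sample data, system names and function names are constructed for illustration.

```python
from datetime import date

# Constructed sample data (not from the presentation).
# Authoritative source (e.g. HR): person id -> end date, None while active.
AUTHORITATIVE = {
    "e1001": None,
    "c2002": date(2001, 3, 30),   # consultant whose contract has ended
    "e1003": date(2001, 5, 15),
}
# Per-system account exports: system -> {account name: (person id, enabled)}.
SYSTEMS = {
    "network": {"asmith": ("e1001", True), "bjones": ("c2002", True)},
    "erp": {"BJONES": ("c2002", False), "clee": ("e1003", True),
            "svc_batch": (None, True)},
    "email": {"b.jones": ("c2002", True), "c.lee": ("e1003", True)},
}

def stale_accounts(authoritative, systems, today):
    """Return findings for enabled accounts that should no longer exist.

    A finding is (system, account, person_id, reason, days_exposed).
    'departed' = the owner's end date has passed; 'unowned' = no link to
    any identity in the authoritative source.
    """
    findings = []
    for system, accounts in sorted(systems.items()):
        for account, (person, enabled) in sorted(accounts.items()):
            if not enabled:
                continue
            if person is None or person not in authoritative:
                findings.append((system, account, person, "unowned", None))
                continue
            end = authoritative[person]
            if end is not None and end < today:
                findings.append((system, account, person, "departed",
                                 (today - end).days))
    return findings

def exposure_by_person(findings):
    """Worst-case days of lingering access per departed person."""
    worst = {}
    for _, _, person, reason, days in findings:
        if reason == "departed":
            worst[person] = max(worst.get(person, 0), days)
    return worst

if __name__ == "__main__":
    for finding in stale_accounts(AUTHORITATIVE, SYSTEMS, date(2001, 6, 1)):
        print(finding)
```

Because each system names the same person differently (bjones, BJONES, b.jones), the reconciliation only works once every account carries a link back to the authoritative identity.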

Security

• The evolving information laws in Europe and Canada in particular place the onus on the company to ensure employee and customer information is secure

• The potential for litigation and adverse public perception in the marketplace increases when relying on older systems that weren’t designed with integrated identity security in mind

Security

• The desire for single sign on for customers, business partners’ employees and your own employees means identity system integration is a must

• How else are you going to standardize, coordinate and enforce authentication within a domain, between domains and with your customers?

Is There a Magic Bullet?

• No

• There are, however, many short-term steps you can take to put yourselves on the road to a modern identity management strategy and its tactical deployment

Grunt Work

• The first step is to prioritize the identity management systems for integration and change

• You’re looking for low hanging financial fruit, strategic gain and internal productivity improvements

– Integrating identity information in HR, HRMS, ERPs and NOSs is a good starting point

Grunt Work

• Then begins the task of diving into the minutiae of how these identity systems currently work

– What information is stored?

– What’s the syntax used?

– How long are the fields?

– What character sets do they use?

– What’s the authoritative source?

– Which other systems use the same information?

– These are just some of the many starting questions

Grunt Work

• The grunt work continues with examining who gets to see which identity attribute, who gets to modify it and who’s notified when any change to it is made

• This is the heart of creating new streamlined workflow and secure identity management processes
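The view, modify and notify questions above can be written down as a per-attribute policy and enforced with a deny-by-default check. This is an added example, not part of the original presentation and not any product's API; the policy table, role names and sample entry are constructed, using common LDAP attribute names.

```python
# Constructed policy (not from the presentation): for each identity
# attribute, which roles may view it, which may modify it, and which
# are notified on change. "self" means the person the entry describes.
POLICY = {
    "cn": {"view": {"anyone"}, "modify": {"hr"}, "notify": {"helpdesk"}},
    "mail": {"view": {"anyone"}, "modify": {"hr", "helpdesk"}, "notify": set()},
    "homePhone": {"view": {"self", "hr"}, "modify": {"self", "hr"},
                  "notify": {"hr"}},
    "employeeNumber": {"view": {"self", "hr", "manager"}, "modify": {"hr"},
                       "notify": {"payroll"}},
}

# Constructed sample entry; badgePin has no policy and so is never shown.
ENTRY = {"uid": "clee", "manager": "asmith",
         "attrs": {"cn": "Chris Lee", "mail": "clee@example.com",
                   "homePhone": "555-0100", "employeeNumber": "1003",
                   "badgePin": "0000"}}

def roles_of(actor, entry):
    """Roles an actor holds with respect to one entry."""
    roles = set(actor["roles"]) | {"anyone"}
    if actor["uid"] == entry["uid"]:
        roles.add("self")
    if actor["uid"] == entry.get("manager"):
        roles.add("manager")
    return roles

def visible(actor, entry):
    """Return only the attributes the actor may see; unlisted ones are hidden."""
    roles = roles_of(actor, entry)
    return {k: v for k, v in entry["attrs"].items()
            if k in POLICY and roles & POLICY[k]["view"]}

def modify(actor, entry, attr, value):
    """Apply a change if allowed and return the roles to notify."""
    rule = POLICY.get(attr)
    if rule is None or not (roles_of(actor, entry) & rule["modify"]):
        raise PermissionError(f"{actor['uid']} may not modify {attr}")
    entry["attrs"][attr] = value
    return sorted(rule["notify"])
```

An attribute missing from the policy table is neither shown nor writable, so a newly added field stays private until someone decides who may see it.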

Coordinating Systems

• Your existing identity information will likely be stored in a variety of databases

• A few may use directories

• You need to consider a directory strategy acting as a central coordination hub for the identity systems

Why Directories?

• Directories have a common standard, “Lightweight Directory Access Protocol” (LDAP), for coordinating how information is stored and queried

– You need a tool with a standard to coordinate your disparate identity systems

• They’re optimized for fast reads

– It’s critical in e-business that the solution be fast for identity management including authentication

Do I Keep My Databases?

• Yes

• You’ll use the directory to coordinate them

• You may eliminate the identity portion of some systems and place it in a directory where it’s cost effective

• Others such as PeopleSoft v8 are now directory compatible and ease integration with external systems via the directory while still using their extensive internal databases and data warehouses

Directories

• A typical directory project often has an ROI of between 5 and 7 times investment

• You need a directory strategy addressing identity system integration

Directory Design

• The design of the directory may be one of the most critical decisions you make

• A poor design can cost money, time and effort in constantly changing as rapid changes occur in your organization

Directory Design

• The performance of the directory is also impacted by how you design the directory

– That’s important when you’re using the directory several thousand times a second to query for e-mail addresses, name, contact and org chart lookups, authentication and authorization

Is a Directory All I Need?

• No, it’s just the beginning

• How are you going to manage and display the identity information?

• How are you going to ensure the identity security within and between your systems, your business partners’ systems and the interaction with your customers?

Displaying Identity Information

• Let’s assume you’ve now got your internal identity systems coordinated and it’s time to get the employees, portal users, extranets and customers via the internet seeing the identity information they’re entitled to

• What’s your game plan?

Displaying Identity Information

• Directories are not end-user friendly

• Unless you want to teach everyone how to use LDAP syntax, you’d better think about middleware tools that make it so easy to use that the end user community loves and uses your new identity systems

What’s Required?

• Integrate with your intranets, extranets, portals and internet sites

• Graphically easy to search for, retrieve and display identity information

• See org charts on line if desired

• What the user sees is based on their security privileges

Delegated Identity Administration

• How are you going to manage the incredible volumes of identity information securely and cost efficiently?

• The answer is to use delegated identity administration

• You need tools allowing delegation of the identity administration by different methods including dept, title, object class, rules, roles or name

Self Serve Identity Administration

• Some portion of your identities may be best administered by the end users themselves, be it the employee, business partner employee or customer

• You need tools that allow you to securely delegate the administration as far down towards the end user as you deem appropriate

Self Serve Identity Administration

• The end user modification must be easy to do

• Needs to integrate with your other systems to streamline the workflows

E-Business Infrastructure Tools!

• Managing the whole identity process, securing it, delegating, displaying and integrating it with your systems is not trivial

• In our practice, we use Oblix as a primary infrastructure tool to coordinate and manage the identity process

Oblix

• Oblix produces two products, “Publisher” and “NetPoint”, to handle identity administration and security

• Directory based

• Integrates identity, authentication, authorization and auditing systems

Oblix Publisher

• Provides delegatable identity management to the level(s) you desire

• Integrates identity display with intranets and extranets

• Displays on-line org charts

• Displays based on what the user is allowed to see

Oblix

• Issue workflow requests to manage identity changes

• Control view, modify and notify privileges for each identity attribute

• Easy to scale across an enterprise

• Works with different directory vendors

The Bottom Line

• Identity management is critical to your profitability, responsiveness and productivity

• Identity management can be a cornerstone of a modern corporate infrastructure strategy with proper management, planning and tools

I’d Like to Learn More

Guy Huntington, HVL:

• [email protected]

• www.hvl.net

• 604-921-6797

Derek Small, Nulli Secundus:

• [email protected]

• www.nulli.com

• 403-270-0657