CA & The Evolution of Identity Management
You can think of Identity Management as an application, because it is an application. It plugs right into HR. When new staff join they need an IT identity, and when they leave it needs to be removed. You can add details to this. Provisioning applications to IT users is part and parcel of Identity Management (some might suggest it’s the raison d’être), but staff also get other things provisioned, like desks and car spaces and mobile phones, and Identity Management can take a role in that.
As far as customer identities are concerned, Identity Management can dovetail with CRM systems. This is also very useful for companies trying to create the much-vaunted “single view of customer.”
Fundamental Infrastructure
I talked about this with CA in a recent briefing on their IAM identity management product. The fundamental engine behind IAM is the Netegrity engine, which CA acquired quite a while ago, but it includes a whole set of other ID management and access control pieces that CA had already assembled.
CA’s view, which I agree with, is that ID management is not so much an application as fundamental software infrastructure. Yes indeed. There are two aspects to this:
- ID Management touches every other application, of necessity has to link in with every OS on every server and every device (for the sake of access control), and is the source (or should be the source) of all authority granted to anyone through computer systems.
- It is the basis of IT security from the people authentication perspective.
Naturally, through federation with external identity management systems, it also plays a role in the larger picture. The larger picture is pretty much opaque at the moment, because the world is waiting for governments to make practical decisions on the identity of citizens. Don’t hope for any early resolution or general agreement on this. It’s already political – what to do about illegal immigrants for example.
The main announcement that CA was making was the addition of a new component to IAM, the CA Security Compliance Manager. The idea here is to provide a ready-made software component that addresses the compliance needs of an organization (SOX, PCI etc.). It’s a dynamic capability which will spot and rectify excessive user entitlements and keep the auditors at bay.
CA is also evangelizing the idea of Identity Lifecycle Management. Everything in IT that has a life cycle needs to have it managed automatically nowadays, and identity is no different. CA’s IAM is pretty much structured to deliver this with setup, provisioning/deprovisioning, user self-service, compliance management, role management, auditing and even role mining, a new concept for me but valid nonetheless.
I guess if you dig around who does what and how, through the computer system, you’re bound to unearth some interesting information.
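To make the HR-driven leaver check, the excessive-entitlement check and role mining concrete, here is an added example (not CA's code or method). It assumes a simple frequency rule for mining roles, a hypothetical 60% threshold, and constructed sample data for the HR roster and the provisioned grants.

```python
from collections import Counter, defaultdict

# Constructed sample data (not from any real system).
HR_ROSTER = {  # employee id -> job title, as the HR system would report it
    "e01": "accountant", "e02": "accountant", "e03": "accountant",
    "e04": "engineer", "e05": "engineer",
}
GRANTS = {  # account -> entitlements actually provisioned
    "e01": {"ledger_read", "ledger_post"},
    "e02": {"ledger_read", "ledger_post"},
    "e03": {"ledger_read", "ledger_post", "payroll_admin"},
    "e04": {"repo_write", "ci_deploy"},
    "e05": {"repo_write", "ci_deploy", "ledger_post"},
    "e99": {"repo_write"},  # no HR record: a leaver never deprovisioned
}

def mine_roles(roster, grants, threshold=0.6):
    """Role mining (assumed rule): an entitlement belongs to a title's role
    if at least `threshold` of the people holding that title have it."""
    members = defaultdict(list)
    for emp, title in roster.items():
        members[title].append(emp)
    roles = {}
    for title, emps in members.items():
        counts = Counter(e for emp in emps for e in grants.get(emp, ()))
        roles[title] = {e for e, n in counts.items() if n / len(emps) >= threshold}
    return roles

def review(roster, grants, threshold=0.6):
    """Return (orphans, excess): accounts with no HR record, and per-user
    entitlements that go beyond the mined role for their title."""
    roles = mine_roles(roster, grants, threshold)
    orphans = sorted(a for a in grants if a not in roster)
    excess = {}
    for emp, title in roster.items():
        extra = grants.get(emp, set()) - roles[title]
        if extra:
            excess[emp] = sorted(extra)
    return orphans, excess

if __name__ == "__main__":
    orphans, excess = review(HR_ROSTER, GRANTS)
    print("orphaned accounts:", orphans)
    print("excess entitlements:", excess)
```

With small departments a frequency threshold is noisy, so mined roles are a starting point for review by the business owner rather than a baseline to enforce automatically.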
The Big Project
For IT, the compelling thing about ID Management is that it is unavoidable. You are already doing it, even if you’re not doing it well, and you will be compelled to do it more effectively in time – even if you’d prefer not to. It gets more complicated by the year and it needs as much automation as possible.
Moreover, ID management projects take a long time (often several years) to complete the fundamental aspects of:
- Bringing identity under control for all staff, customers, partners and agents
- Linking in all access control and provisioning.
It’s not deploying the software that’s the problem; it’s getting the organization organized to employ the software effectively. It can take a long time, because you have to move through the organization a department at a time and fix the irregularities in IT usage that you naturally uncover. If you’ve not bitten this bullet, then a good time to start is now. It really is fundamental IT infrastructure and you really will have to automate it.



















