Identity and Access Management lays the foundations for the building of an extended trusted environment, along with providing flexible, policy-based, user lifecycle management. It is essential that companies move to an identity-centric approach where the focus is on authentication to reduce risk, rather than relying on the current mechanisms of perimeter control and detection. The move to Internet-based business processes and collaboration, and the Web services framework, means that it is not a question of if, but when, enterprises must implement an integrated security management solution, based on the principle of identity and trust.
Many organisations consider that they are sufficiently protected by the piecemeal security technology they have implemented around the IT infrastructure. Butler Group believes these enterprises are in for a rude awakening when, for example, either their personal information assets are compromised and litigious users seek recompense, or the costs of managing many users start to eat into precious IT resources. At the top of the IT Manager's wish list must be the phased deployment of a security framework aligned with company objectives and driven by the company security policy, including Identity and Access Management technology.
In the pursuit of cost efficiencies many enterprises are engaged in a strategy of evolving to an Internet-based business model that will, in turn, require the organisation to adopt a security framework organisation to allow safe collaboration and the sharing of services with other organisations. Without a mechanism for efficiently processing identities the Web services paradigm will never gain widespread adoption in the market place. It is important that an enterprise is able to simply and inexpensively establish an organisational stakeholder's identity, and there are processes and technology in place to manage the user identity by the organisation itself, a trusted partner, or an identity service.
Governments have started, and continue, to focus on an individual's personal privacy. The European Union has already put privacy legislation in place. In the future, organisations will have to be able to demonstrate that personal information is secure and has not been shared with any other organisation without the individual's express approval. This potential risk of litigation will undoubtedly raise the profile of Identity and Access Management capabilities within the boardrooms of many enterprises.
In addition to regulating in this area, governments have a role in providing a lead in the deployment of the security technology and infrastructure capable of bringing common identity mechanisms to the mass market. After all, there will be no e-Government without superior e-security. It is in the public sector's own interest to provide leadership, and to seed the market with the required strong authentication technology.