Identity Crisis

Von Ben Worthen
Zugangskontrolle und die Überwachung der Systemaktivitäten gehören zu den wichtigsten sicherheitsstrategischen Aufgaben. Eine zentrale Verwaltung der Zugangsrechte unterstützt das Anliegen, aber es erweist sich als ein diffiziles Projekt.

Quelle: CIO, USA

TOM KING, CISO of Lehman Brothers Holdings, had what seemed like a relatively simple idea. If his company could automatically grant access to financial trading applications from a central provisioning system instead of on an app-by-app basis, it could both increase the efficiency of its workforce and keep better tabs on who was using what applications. It soon became clear, however, that setting up such a system was merely one step in a very long process.

First, King had to develop a single repository for identity information within the company - he had to know who the users were before he could grant them access to the applications. And each application would need links to the new identity repository. King soon found himself mired in a full-scale identity management project.

That was three years ago. King is still far from done. "I don't see an end to it," he says. "There are literally hundreds of applications" that should be part of the identity system.

So why bother with identity management at all? Because the returns can be impressive. According to a survey of more than 7,500 top IT execs cosponsored by CIO and PricewaterhouseCoopers, the top two strategic security initiatives for CIOs during the next year are to block unauthorized access to systems and to monitor systems activity. Identity management systems can help you do both. They also let CIOs provide new employees with almost immediate access to the applications they need (and take away access from former employees just as quickly). And since authentication (you are who you claim) and authorization (you're allowed to do what you're trying to do) occur at one location, employees can access all their applications with a single user name and password, a move that can dramatically cut down help desk calls.

With benefits like those it's no wonder that consultancy NerveWire found that 38 percent of the 145 companies it surveyed expected an ROIROI of as much as five times on their identity management investment, and another 10 percent expected even higher returns. But few companies have achieved such numbers yet. The CIO-PWC survey, for instance, found that among North American respondents, only 9 percent reported that their identity management projects had achieved their objectives. Alles zu ROI auf

Zur Startseite