What is identity management? According to Chris Zeis, vice president and CTO of Perpetual Technologies Inc., identity management is the ability to securely authenticate a user or group to a system or systems, using credentials based on a single sign-in procedure, using a user name and password or a common access card. This authentication allows a person secure access to multiple applications or systems to view and update information.
Zeis notes that government and business sectors have different sets of requirements for identity management. Smart Business spoke to Zeis about the challenges as well as the overall benefits of identity management in today's Web-based technological environments.
Why is identity management important for a business?
Once in place, a single sign-in system will reduce the costs of maintaining separate authentication methods. For example, your people may manage and control 10 different systems, all requiring different user names and passwords. With today's Web-based integration technologies, you can streamline the amount of time required to manage this process via identity management, thus enhancing efficiency throughout the organization.
At the same time, this single sign-in system enhances security and protects a company against fraud.
How does identity management benefit organizations?
The single sign-on capability of an identity management system provides security, privacy, efficiency and cost savings. Users who are able to log in on one splash page (portal) are able to do everything they need for the day without having to repeatedly log back into the system or other systems. Additionally, a connection or login session can be set to automatically expire if a person hasn't done any work in a given period of time.
Cost-wise, an identity management system saves money in the long run. Web-based systems allow for much easier integration of new programs into the system than could be achieved with client-server applications of the past.
What are the pros and cons for the business sector?
It takes money, time and effort to incorporate an identity management system. The initial cost is high, but once in place, the system provides conformity as well as security. The system can help shield against fraud by giving authorized users the credentials they need to access systems quickly, while simultaneously keeping unauthorized users out.
Another benefit is competitive advantage. For instance, a bigger company running a portal service might have connections to other systems that already have single sign-on features. These systems are more user-friendly and promote faster transactions over the Internet. Because new programs can be more easily integrated into the system, a company can adapt more quickly when moving forward.
What steps should a company take to implement a single sign-on identity management system?
- Identify and analyze the software options available. During the initial phases, the CTO or CIO has to analyze the pros and cons of each available software option, determining if each option supports the current environment and the organization's future vision.
- Identify the architectural requirements necessary to support the system's users. Questions to ask during this phase include: What does our current network support? What size architecture is needed? Will we have to purchase multiple systems for different locations? How many users will there be? Firewall and encryption concerns must also be addressed.
- Design and test the environment. This involves creating interfaces with the system, depending on the number of systems and the number of users.
- Release the system for production. To know how long it will take to release the system, you should first determine how may access points you need from system to system. In general, it takes about two to eight months after all the research is done to properly implement an identity management system in a small to large company. The key word here is properly. Trying to expedite the process could result in a substandard job.
Chris Zeis is the vice president and CTO of Perpetual Technologies Inc. Reach him at (317) 824-0393 or email@example.com.