Burton Group Catalyst 2007: IT directors face barriers to deploying identity management technology

IT directors and chief information officers face barriers limiting their ability to deployidentity management technology, including the inability of products to work across company boundaries, lack of common standards, and unclear contractual obligations.

In his keynote presentation at the Burton Catalyst conference in Barcelona, Jamie Lewis, chief executive officer of Burton Group, said, " Identity management is fundamental to enable business."

Identity management technology allows businesses to collobarate with business partners and customers, and supports regulatory compliance.

Identity management covers several areas of IT including federated identity services, single sign-on, authentication and directory services, to allow businesses to grant users access to IT systems. But research from Burton Group has found that no IT product can provide all the functions businesses require for identity management.

Markus Salo, concept owner for identity and access management at Nokia has recently undertaken a project to provide an identity management system for several thousand users. The system supports Nokia Siemens Network (NSN), a partnership between Nokia and Siemens.

Salo said, "We needed to establish an identity exchange to allow user identities to be shared between the two companies." However, he could find no product to suport identity exchange. Instead Salo said he had to adapt existing technology.

The unwillingness of suppliers to take on liability for their products is another potential hurdle. Anne Terwilliger, director of security projects at Visa International, said that suppliers working on identity management needed to take on greater responsibility, in a similar way to credit card providers. "There is a legal liability to protect user data and privacy," she said.

Another area of concern is lack of compatible products.

Eve Maler, an inventor of XML and technology director at Sun Microsystems, said, "There is a lot of oportunity to bring standards like PKI and SAML together, to enable users to build applications faster and avoid security and quality isues."

June Leung, senior manager of security and business recovery at FundServ, a company specialising in applications for the financial services industry, said, "Businesses are paying a lot of money for different products." Leung believed this cost could be reduced if there was a single standard.