IT directors need to consider changes both to business processes and the management of applications to roll out an identity management strategy successfully, delegates at last week's Burton Group Catalyst Conference in Barcelona were told.
Identity management is a way to tighten access to applications by associating a user's login details with their job role. It can also improve usability, as a single password enables the user to access all the applications they are authorised to use.
The conference was shown how two multinational companies had implemented identity management for their end-users.
Robert Rodger, head of group IT security at HSBC, said, "Identity management is both a business problem and an IT problem."
With more than 284,000 HSBC staff worldwide, Rodger's goal has been to simplify access to the bank's IT and support compliance.
His approach to user identity management is driven through the human resources department. The process uses auto-provisioning and de-provisioning of authentication for users as they join and leave the company.
To ensure applications support identity management, Rodger said that the services for identity management needed to be part of the IT infrastructure. This reduces the need for application developers to understand the technology.
Instead, identity management becomes a service which application developers use for user authentication. "The application developer does not need to know anything [about authentication]. The infrastructure just works," said Rodger.
The same principles are being used at pharmaceuticals firm Novartis. Its ongoing identity management project is based on a standard Java module. This has meant J2EE-compliant applications did not need modification to support authentication, said Denis Diodati, global solutions architect at Novartis.
As a result, authentication for applications such as SAP, Ariba and those based on BEA WebLogic works out of the box, he said.
Along with making it straightforward for application developers to use Novartis' authentication service, Diodati has put in place an application portfolio management process to ensure new applications comply with the authentication strategy.