Archives ||About Us || Advertise || Feedback || Subscribe-
Issue of December 2003 

 Home > Vendor Voice
 Print Friendly Page ||  Email this story

Vendor Voice: Identity & Access Management

Who's accessing your online applications?

As more applications get exposed to end-users, corporations need to provide strong authentication, and manage multiple authentication methods. by Surendra Singh

Corporate and government investment in IT infrastructure is increasing as these sectors choose IT as the primary platform for conducting many aspects of business. The growing investment in the IT enablement of business has resulted in a dramatic increase in access requirements. This is characterized by a growing number of users with a proliferation of mobile devices being used for anytime, anywhere access—to an increasing number of applications and resources. The adoption of Web services on-line activities is at an all time high for application-to-application transactions. In fact, these factors have compelled corporations to redefine its security perimeter—moving from few security checkpoints at the network level to many points at the application level.

This ever expanding and changing IT-enabled business model presents Corporations with many daunting challenges—from unproductive user experiences and unmanageable infrastructure to shifting security perimeters. Some of the concerns that customers are currently experiencing include:

  • Cumbersome user experience. Often, users are forced to manage upwards of ten passwords while authenticating multiple times. As a result, users are unproductive and less willing to use electronic resources.
  • Heterogeneous e-business environments. Today, corporations rely on multiple applications from multiple vendors to run IT-enabled businesses. Integration and centralization of technologies has become a growing challenge that significantly effects the total cost of ownership and threatens the success of e-business.
  • Shifting security perimeter and increased risk. With the expansion of e-business, the perimeter is not well defined, and corporations are looking to manage security across platforms, and at the application level. Additionally, corporations are exposing more sensitive data to a growing number of users. This means that the risk of exposure is high, and so are the stakes.
  • Multiple authentication requirements. Many corporations have identified the need for multiple forms of authentication, but are simply limited to the one method that their current system supports. This increases an organization's risk of exposure.

The Solution

As more applications get exposed to end-users, corporations need to provide strong authentication, and manage multiple authentication methods. They need to provide different levels of authorization and a wide range of access rights for a growing, diverse and dynamic user base. They need to do all this from one platform that consolidates management and reporting. In short, corporations need to consider applying Identity and Access Management solutions.

An effective Identity and Access Management platform provides the following essential benefits.

Take stock of your assets

It is necessary to evaluate and develop a plan to secure business against hacking and other forms of electronic espionage.

As e-business evolves it is important for enterprises to regularly take stock of its information assets. The objective is to organize these assets into appropriate categories, to understand those assets and the boundaries. For example, how valuable is each specific data resource? And how much privacy is appropriate? Identifying and understanding the nature of your information resources is the first step toward comprehending the security risks to your e-business.

The next step is to identify areas of vulnerability and to understand the potential for losses associated with each. Of course, there's more to this than direct financial loss. One needs to look at indirect losses, such as productivity losses. In addition, legal liabilities and the ramifications of such exposure need to be considered. And, last but not least, consider damage to reputation or image. In a world where brand is everything, this may be the most compelling risk.

By knowing the costs associated with loss, as well as the costs of the risk mitigation solution, return on e-security investment needs to be evaluated.

Return on Security Investment

While analyzing return on investment (ROI), it may turn out that the cost of implementing a full-blown security infrastructure simply outweighs the risk. In that case, it makes good business sense to go with a less expensive security technique. For example, it may be sensible to deploy certificates or two-factor authentication devices instead of deploying biometrics or full PKI. Alternatively, upon completion of an ROI analysis, if risk of loss severely outweighs the costs and challenges of any conceivable security solution, PKI with two-factor protection of user credentials may be paramount.

Open Standard

As more enterprise applications and resources are moved to the Internet, (including a range of Web services that organizations deploy and procure), companies would require establishing trust among the identities of users who seek to access them. Further, enterprises would need to manage and control authorized identities to ensure they are current and are being used in accordance with established policies.

For this reason, organizations would need to assess their own identity and access management needs, engage in detailed discussions with business partners about their needs and plans, and explore with a reliable vendor how to implement and integrate such a solution in their IT environments. The challenges that have brought the issue of identity management to the fore will only grow and exacerbate the problems that have stunted the growth of e-business, and contributed to information security breaches around the world.

An open standard for identity and access management—including authentication, single sign-on and Web access management capabilities--will help organizations lower costs, accelerate commercial opportunities and increase user productivity and customer satisfaction.

The writer is Head, South Asia, RSA Security B.V. He can be reached at

Benefit Business Value Overview
Improved User Experience Revenue Generation & Cost Reduction The right identity and access management solution will greatly

enhance the user's experience, helping them to control their on-line identities because they will no longer be required to manage a hoard of passwords. An integrated identity and access management solution also enables simplified sign-on.

Enhanced Integration Investment Protection & Cost Avoidance Seamless integration into an organization's heterogeneous e- business environment is critical. Identity and access management solutions will act much like middleware, enabling Corporations to manage digital identities across its diverse and expanding infrastructure. A standards-based approach will play an important role in this enhanced integration.
Multi-purpose Platform Cost Savings & Cost Avoidance An identity and access management solution is a platform on which Corporations will be able to manage multiple authentication options (i.e. tokens, smart cards, certificates, passwords, etc.) from a single platform, providing choice in any environment. In addition, varying levels of authorization functionality (course-, medium- or fine-grained) can be part of the mix.
Centralized Administration Cost Reduction & Risk Mitigation The right identity and access management solution will enable Corporations to simplify the management of digital identities and security policies with one console.
Enhanced Security Risk Mitigation & Compliance

Identity and access management solutions will ensure greater levels of security to match the growing risk of exposure and high stakes involved in e-business infrastructure. The solutions will shift fluidly with an organization's perimeter protecting the business at the application level. In addition, an integrated identity and access management platform will be the cornerstone to security enforcement, providing a basis for consistent enforcement, audit and reporting of policies across the e-business environment.

- <Back to Top>-  

Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world.
This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.