Furthermore it’s said that the average worker has to remember at least 15 user names and passwords, all with different expiry dates.
Fortune 1000 companies typically depend on around 200 databases, or directories, of user information to control access to their systems.
Traditionally, a human administrator managed each system through a paper-based trail to decide access to each application.
Along with data protection laws, this type of legislation addresses the rights of individuals when they interact with organisations, and requires organisations to make data available to their employees only on a need-to-know basis. However, organisations may find the costs of administering IT systems and ensuring compliance go through the roof unless a reliable IDM infrastructure is in place and the data quality is good enough.
In larger organisations ‘meta-directories’ aggregate all directories and other sources of information that enables a workflow engine to monitor data and business events across an organisation. They can generate massive economies of scale in comparison to more disjointed methods.
IDM also offers a number of associated benefits, and its introduction can be viewed as an excellent opportunity, particularly when a business is facing different regulatory controls, or is merging, restructuring or embarking on a new outsourcing project. Consistent and reliable records that can be accessed quickly cut the cost of collecting data and managing the audit trails demanded in a tighter regulatory framework. In addition, there is an instant benefit when it comes to launching new enterprise applications.
Hollywood has pushed the idea of biometrics in films like National Treasure where someone stole fingerprints from a computer keyboard to gain access to a vault, or Minority Report where Tom Cruise’s character had an eye transplant to foil an iris recognition system.
In the meantime, organisations need to look beyond the immediate need for an IDM solution and ensure that identity management is properly integrated with the organisation’s wider security needs and practices. Unless this is done, there is a risk that improvements to identity management may simply shift the security threat to a less protected area or create an unexpected new risk.
http://www.it-observer.com/articles/1145/identity_crisis_what_crisis/