When SunTrust acquired National Commerce Financial (NCF) in October 2004, for example, Callahan says the bank was able to map most of NCF’s employees to roles it had already created. “Rather than coming over haphazardly and ugly, they came over in a clean fashion,” he says.
“Instead of pulling aside your entire IT department for months to integrate a company you’ve just acquired, you can enable it to happen in a couple of days automatically,” says Courion president and CEO Chris Zannetos. Indeed, he says, making it easier to assimilate large numbers of new employees is one of the key drivers behind IDM systems.
Like many people interviewed for this InfoWorld story, SunTrust’s Callahan is reluctant to reveal the exact cost of his IDM project. Although he says it’s “less than seven figures,” he estimates that having an identity infrastructure saves the company $2 million a year on provisioning and password management alone.
Comply or die
The network management benefits of IDM are attractive to any organization, but the biggest single driver for its adoption may be Uncle Sam. IDC analyst Sally Hudson estimates that compliance is behind 70 percent of the revenue in the identity and access management market.
“There’s a big rush to be compliant, especially around Sarbanes-Oxley,” says Wynn White, senior director of technology marketing and security and identity products at Oracle. “Companies have put together these manual processes with chewing gum, baling wire, and crazy glue. It’s very expensive and not all that secure.” White says IDM systems can standardize how enterprises segment users and control access, driving down the overall cost of compliance.
Rich Casselberry, CIO for networking security firm Enterasys, says its identity management system makes dealing with compliance issues a more pleasant experience. The company uses MIIS (Microsoft Identity Integration Server) 2003 to manage accounts for more than 800 full-time employees and up to 150 contractors.
Because Enterasys is a longtime Windows shop, integrating MIIS 2003 into its network was relatively straightforward, Casselberry says. It took the company less than three months to implement the IDM system, at a cost of $125,000.
Using MIIS, Enterasys creates different types of accounts for contractors who need access to network resources -- help desk employees, for example -- and those who don’t, such as building contractors. Casselberry says that comes in handy when it’s time for the company’s annual Sarb-Ox audit.
The MIIS system “takes what used to be a two- or three-day conversation and reduces it to 30 to 45 minutes,” Casselberry explains. “The challenge is convincing the auditors that our system really works. They say, ‘It can’t be that easy; we need to see the logs.’ So we show them the logs.”
Results like these are often enough to convince even the most budget-conscious executives, says Oracle’s White. “One of the bigger pain points around identity management has been getting buy-in across the entire organization. In the early days you saw islands of deployment, but you ultimately hit a wall. Compliance concerns are helping push IDM out onto everyone.”
Although a simple SSO scheme can be rolled out in a matter of months, implementing a full IDM suite within a large enterprise can literally take years, due to the technical complexity of managing access across multiple platforms and applications.