This article has been modified from its original version. Certain quoted material has been removed because its veracity could not be confirmed.
The old “separate nations” network paradigm -- decentralized security in which multiple departments using various applications manage access as each sees fit -- is now passé. Security systems are going global, as enterprises increasingly turn to identity management solutions from vendors such as IBM, Netegrity, Novell, and Oblix as a means to better align network policies and permissions with business goals, not just IT’s ideas of how a system should be managed.
It had to happen. The more resources are added to a network, the harder it becomes to control. In today’s strict regulatory environment, businesses are clamoring for a better way.
“The traditional model of enterprise security is parameterized around a small set of datacenters,” says Chris O’Connor, director of security strategy at IBM. “It’s security Swiss cheese that has bred all kinds of compliance issues and security problems.”
No matter what level of chaos we let reign on our desks and file cabinets, we all know that a messy network can never be a secure one. Digital identity, beyond being a means to enable application SSO (single sign-on), has begun to emerge as a key tool for bringing order out of the chaos.
“Enterprise investments in identity management are enabling identity-centric network management,” says Phil Schacter, vice president and service director of directory and security strategies at Burton Group. In particular, Schacter cites the changing nature of today’s networks -- including the increases in mobility and remote access -- as driving forces behind the move toward identity-based systems.
Identity doesn’t just define who a user is; it connects the “who” directly with the “what” -- what a user’s role in the organization is, what resources and information that user needs access to, and what he or she can and can’t do with that information. Identity is the big picture, the whole story that allows corporate policy and processes to be applied in a consistent and comprehensive manner across an entire enterprise.
By consolidating access and authorization information for each user, identity solutions help keep networks current. They grant quick access to new hires, while helping to exorcise the ghost accounts of former employees before they have a chance to possess the system. They provide audit information for regulatory compliance. They protect privacy and strengthen access controls. But perhaps most importantly, identity-based network management lifts network security out of the datacenter and brings it in line with the needs of the enterprise.
Moving toward identity-based network management is a tall order, but it does not mean ripping and replacing your current software infrastructure. Instead, identity systems work with the existing infrastructure to make it more robust, more intelligent, and more likely to resist attempts at unauthorized access.
The first piece of the puzzle is to establish an identity store, where user-access information can be maintained in a central location, independent of applications. Typically this takes the form of a network directory, such as an LDAP directory, Microsoft Active Directory, or Novell eDirectory.