Identity management in action
Business Layers’ eProvision and Courion’s Identity Management Suite aim to ease user management burden
While dutifully registering my dog with the city the other day, I witnessed an unfortunately common event. One clerk could not log in to the application used to register canines, and so another clerk helpfully suggested, “Oh, use Bob’s account. The password is ....” This took place in a public setting, as the clerk shouted the username and password across the room.
This gaffe is both a security issue and an identity management issue. If everyone logs in as Bob, then auditing reports are invalid because they indicate that no one ever uses the application except Bob. The problem is that the clerks use about a dozen applications on any given day, each with its own authentication methods. Multiply this problem by the thousands of applications and resources available on a large enterprise network, and the headache grows exponentially.
Identity management is the Holy Grail of a large network. The idea that a user exists as a single entity bound by a central solution that controls access to every application represents a large step forward in the manageability of any corporate infrastructure. But in reality, tying hundreds or thousands of local, client/server, and Web-based applications from hundreds of vendors into a single management scheme brings to mind metaphors of herding and cats.
The range of applications that require authentication is astounding. For example, a user logs in to the network on a PC, then logs in to an in-house database app, then logs in to an enterprisewide intranet and an extranet application, followed by a log-in to e-mail, and so on. If different account information is required for some or all applications, the user faces quite a hassle. This situation also becomes a liability when the user leaves the company or transfers locations. Removing every account and changing every password consumes significant IT resources for what should be an HR or management task. To alleviate this burden — and to truly achieve its promise — an identity management solution must be fluid, extremely adaptable, and manageable by non-IT personnel.
Significant benefits can be derived from consolidating ID management throughout the enterprise. Unfortunately, some applications insist on existing outside the purview of a chosen ID management solution — too many of these and the benefits of any ID management package decrease greatly. And then there is the issue of homegrown databases and applications. Few infrastructures are devoid of duct-tape applications built on Microsoft Access, FileMaker, or FoxPro databases, or tools written in Perl or PHP (Hypertext Preprocessor) with a command-line or Web-based interface.
And that’s the crux of the issue: How do we corral these resources in a way that reduces the management burden on IT and streamlines the interaction between IT and HR? Several solutions have surfaced to tackle this problem. Reviewed here are Business Layers’ eProvision and Courion’s Identity Management Suite.
The Courion suite fits together like a mosaic, with each application fulfilling a particular identity management role. AccountCourier handles the provisioning tasks and provides a customizable Web-based portal that permits authorized users to manage accounts, grant or revoke access to resources, and so forth. PasswordCourier provides self-service password changes and resets.