User ID Provisioning Challenges

April 8, 2013

Managing Heterogeneous Systems

Today’s businesses have had to integrate their information systems and often combine disparate technologies. This becomes even more challenging as a result of business mergers and acquisitions.  To accommodate these changes, the IT department must administer a large number of heterogeneous systems and applications. It must also manage a huge influx of new users and adjust their privileges accordingly. To add to this complexity, many organizations have implemented point security solutions in the enterprise, which has been time-consuming and costly for the IT department to integrate and customize for the business environment.

The sheer number of issues associated with managing individual systems, legacy applications and a host of methods for users to authenticate makes this a monumental task for the IT department. The task becomes even more difficult when organizations are looking to the IT department to “do more with less” in the economic downturn.

Password Resets

Web-based business lets users draw on an array of systems, applications, operating system platforms and legacy applications to perform a range of tasks. The disadvantage, however, is that each platform or application may require separate authentication.

This has given rise to a common complaint: remembering multiple passwords. In today’s business environment, it is estimated that a user needs to maintain approximately 16 user IDs and passwords to perform his or her role. To reduce confusion, a user often selects a weak password or writes a password on a piece of paper and leaves it close to his or her workstation.

When a user forgets a password for a given system, he or she will usually raise a help desk issue to reset it. In this instance, the onus of managing multiple passwords is placed on the IT department and user productivity is compromised, as he or she waits to get back online. For any organization, unproductive time is business lost. It is vital that users are given password resets in a timely manner. A simplified method of reducing these types of issues is to empower users to manage their own identity.

Requirements for a Complete Identity Management Solution

With the new challenges faced by organizations today, new concepts and practices are required to effectively regain control of security.

Role-Based User Provisioning

User provisioning is the process for managing user identity enterprise-wide and beyond. User provisioning encompasses the identification of:

  • The types of users an organization will manage
  • The systems, applications and other business resources those users will need access to
  • The levels of access to those resources users will need
  • How the organization will create, update and delete user accounts
  • What the strain will be on the IT department to administer the quantity and different types of users
  • How the business will guarantee secure access to its resources

These processes need to remain open and adaptable to accommodate future changes in technology and in the business environment. Corporate recognizes user provisioning as a critical enterprise function, where providing users with the proper resources at minimal cost is essential. User provisioning involves managing a user’s life cycle, from creating various user accounts on different systems and extending user access to external services, to temporarily suspending user access or permanently revoking user accounts. Strong user provisioning reduces security risks, including weak passwords, and minimizes obstacles to user productivity by shortening the time it takes to gain access. User provisioning also provides centralized management capabilities.

Using role-based account creation and workflow access rights to business resources, centralized management enables an automated approach across the entire security infrastructure.

Managing User Identity

Organizations can identify different types of users according to their business function: employees, customers, suppliers, partners and more. Each user within each of these groups owns a separate online “user identity” that can be managed as part of the organization’s process management strategy. In this way, organizations can effectively manage secure user identity and lower business costs.

An organization can build an identity management strategy using the common set of requirements that each group of users shares as the foundation. For example, internal user accounts can be organized according to an employee’s role in the organization. As an employee develops his or her career, the user account is changed to reflect his or her new responsibilities. It is convenient for users to own their online user identity and for their user identity to move with them, so it is dynamically updated according to their specific role. This also increases an employee’s productivity, as he or she can change roles within the organization and can automatically access the systems appropriate to his or her role.

Once an organization has attracted a customer, supplier or partner, it is vital to ensure that the process of registering his or her identity and submitting a transaction is straightforward, smooth and secure. A trusted environment also ensures customer, partner and supplier trust and loyalty. If users find it too complex to register or too difficult to maneuver around a website, they will quickly take their business elsewhere. Delivering effective customer service personalizes the user experience. To feel valued, users need to know that the information they provide is kept confidential and secure.

It is far easier for the organization to manage one single user identity rather than multiple identities for one user. The same can be applied to customers, suppliers and partners. Their identity can be managed according to users’ needs, enabling the organization to deliver quality and customer service and most likely retain the customer.

Traditionally, the employee would have to get approval from his or her manager, and send that approval to Paris to gain access to the server. Today, it is more convenient and cost-effective for the user’s identity to be automatically updated according to his or her new role.

This can be managed through a delegation of administrative responsibilities, which takes the burden off the IT department to be the sole conduit for managing users. For example, a human resources (HR) manager can change the employee’s role in an HR application. User provisioning tools, which are implemented by the IT department and integrated with the HR application, would have predefined access rights for that particular type of role. As soon as the employee joins that role, their access permissions to business resources are dynamically updated according to the permissions preset by the IT department. This is an enormous aid to the organization, as it shares the task of managing users among non-IT departments. This ultimately reduces business costs and effectively automates business processes.
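The HR-driven flow above (a role change in the HR application triggers predefined access rights on the target systems) can be illustrated with a small reconciliation routine. This is an added example, not code from the original article or from any particular provisioning product; the role catalogue, system names, the `Account` record and the HR status values are constructed for the example. The point it makes beyond the prose is that a role change must revoke the old role's rights as well as grant the new ones, and that a leaver's entitlements are removed outright rather than merely suspended.

```python
"""Role-based user provisioning driven by an HR role change.

Added illustration (not from the original article or any product): an HR
system reports an employee's current role and employment status; provisioning
resolves the role to a preset set of entitlements on target systems and
computes the grants and revocations needed to make the account match.
All role names, system names and sample values are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed role-to-entitlement catalogue, maintained by the IT department.
# Each entitlement is (target system, permission).
ROLE_ENTITLEMENTS: dict[str, set[tuple[str, str]]] = {
    "sales-rep": {("crm", "read"), ("crm", "write"), ("email", "mailbox")},
    "sales-manager": {("crm", "read"), ("crm", "write"), ("crm", "approve"),
                      ("email", "mailbox"), ("finance", "read")},
    "engineer": {("scm", "commit"), ("ci", "run"), ("email", "mailbox")},
}


@dataclass
class Account:
    """Hypothetical provisioning record for one user across all systems."""
    user_id: str
    status: str = "active"  # active | suspended | revoked
    entitlements: set[tuple[str, str]] = field(default_factory=set)


def entitlements_for(role: str | None) -> set[tuple[str, str]]:
    """Resolve a role to its preset entitlements; unknown or absent roles get none."""
    if role is None:
        return set()
    return set(ROLE_ENTITLEMENTS.get(role, set()))


def reconcile(account: Account, hr_role: str | None, hr_status: str) -> dict:
    """Bring an account in line with what HR reports about the employee.

    hr_status is one of 'employed', 'leave' (temporary suspension) or
    'terminated'. Returns the grant/revoke actions so the caller can push
    them to each target system and record them for audit.
    """
    if hr_status == "terminated":
        # Leaver: revoke every entitlement, do not just disable the login.
        revoked = set(account.entitlements)
        account.entitlements.clear()
        account.status = "revoked"
        return {"grant": set(), "revoke": revoked, "status": account.status}

    desired = entitlements_for(hr_role)
    grant = desired - account.entitlements
    revoke = account.entitlements - desired  # mover loses the old role's rights
    account.entitlements = desired
    account.status = "suspended" if hr_status == "leave" else "active"
    return {"grant": grant, "revoke": revoke, "status": account.status}


if __name__ == "__main__":
    acct = Account("u1001")
    print(reconcile(acct, "sales-rep", "employed"))   # joiner
    print(reconcile(acct, "engineer", "employed"))    # mover
    print(reconcile(acct, "engineer", "terminated"))  # leaver
```

Because `reconcile` returns the delta rather than applying it, the same routine can be run in report-only mode to detect accounts that have drifted from their HR role, which is the usual first check when an organization introduces role-based provisioning.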

A Directory Infrastructure

A directory allows businesses to group information, such as employee records, into a hierarchical structure so that it can be more easily accessed. An identity management solution is only complete with a strong foundational backbone based on a directory architecture. The strength of this architecture allows directories to synchronize, replicate and link information between information stores in a noncomplex, distributed environment—without the need for a centralized repository of information. In today’s electronic age, users want to quickly perform their online transactions. Directories provide extremely fast lookup capabilities across geographically distributed locations, which is key to business success.

Faced with mergers, acquisitions and global expansion, businesses are often challenged with integrating disparate technologies and consistently managing information. This results in information being duplicated, fragmented and dispersed throughout the enterprise. As the organization grows, business-critical applications increasingly require a directory solution that combines the highest levels of performance, reliability and industrial-strength security.

User Authentication

Using strong authentication methods, including biometrics, smart cards and digital certificates to validate a user’s identity is comparable to making a transaction in person and validating the person’s identity using a credit card as a guarantee.  Organizations can validate this information while ensuring all information communicated between the business and the user remains confidential—establishing a level of trust between the two parties.

The trusted foundation for supporting user authentication is a Public Key Infrastructure (PKI).  PKI is the set of hardware, software, people, policies and procedures needed to create, manage, store, distribute and revoke Public Key Certificates based on public key cryptography. PKI helps ensure repeat business by protecting distributed user identity and allowing transactions to take place in a trusted environment.

Single Sign-On and Secure Access

Similarly to the way user provisioning provides streamlined access for a user, simplified access to business applications is enabled through single sign-on (SSO) technology. From both an administrative and user perspective, single sign-on relieves the frustration of having to remember multiple passwords to access multiple systems. Implementing single sign-on functionality helps reduce the IT department’s administrative overhead by providing one interface to manage multiple systems. Security breaches have become common around password theft and unauthorized access to systems, which has created a need for a strong authentication method to be implemented.

Web-based business has provided different access points to the business, allowing users to connect via the Internet, extranet and intranet.  Users want the assurance that they are conducting their transactions in a trusted, secure environment.  Therefore, enabling secure access to business resources has never been more critical.

Self-Registration and Self-Administration

Corporate recognizes the value of user self-registration and self-administration, since staffing budgets are more restricted and user productivity is crucial to business growth. For example, a user can register with a business by submitting a web form. He or she is then assigned a user ID and password to perform a business transaction—with little or no human intervention—reducing manual errors and decreasing user downtime. As password resets are common issues raised with help desks, the ability for a user to reset a forgotten password has far-reaching benefits for the business operations, the IT department’s workload and the user’s productivity.
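The self-service registration and forgotten-password reset described above can be sketched in code. This is an added example, not from the original article or any vendor product: it keeps a constructed in-memory user store, and the token delivery channel (e-mail, SMS) is left to the caller. What the prose does not spell out is how to keep self-service reset from becoming an easy way to take over accounts: the token is random and unguessable, only its hash is stored, it expires, it is single-use, and a reset request for an unknown user is handled the same way as for a known one so the endpoint does not reveal which user IDs exist.

```python
"""Self-service registration and password reset with single-use, expiring tokens.

Added example, not from the original article or any product. The stores are
constructed in-memory dictionaries; a real deployment would persist them and
send the token out of band. Parameters such as the 15-minute validity window
are assumptions for the example.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60       # assumed validity window for a reset token
PBKDF2_ITERATIONS = 100_000       # kept modest so the example runs quickly

# Constructed stores: user_id -> salted password hash, user_id -> (token hash, expiry)
_passwords: dict[str, str] = {}
_reset_tokens: dict[str, tuple[str, float]] = {}


def _hash_password(password: str, salt: bytes | None = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; the plaintext password is never stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def register(user_id: str, password: str) -> None:
    """Self-registration: the web form hands us an ID and initial password."""
    _passwords[user_id] = _hash_password(password)


def verify_password(user_id: str, password: str) -> bool:
    stored = _passwords.get(user_id)
    if stored is None:
        return False
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)


def request_reset(user_id: str, now: float | None = None) -> str | None:
    """Issue a reset token for an existing user and return the plaintext token
    for out-of-band delivery. Only the token's SHA-256 hash is kept server-side.
    Returns None for unknown users; the HTTP layer should answer identically
    either way so that user IDs cannot be enumerated through this endpoint."""
    if user_id not in _passwords:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    _reset_tokens[user_id] = (token_hash, now + TOKEN_TTL_SECONDS)
    return token


def complete_reset(user_id: str, token: str, new_password: str,
                   now: float | None = None) -> bool:
    """Consume the token: it works once, and only before it expires."""
    now = time.time() if now is None else now
    entry = _reset_tokens.get(user_id)
    if entry is None:
        return False
    token_hash, expires_at = entry
    if now > expires_at:
        _reset_tokens.pop(user_id, None)     # expired tokens are discarded
        return False
    presented = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(presented, token_hash):
        return False
    _reset_tokens.pop(user_id)               # single use
    _passwords[user_id] = _hash_password(new_password)
    return True


if __name__ == "__main__":
    register("alice", "initial-pass")
    tok = request_reset("alice")
    print("reset ok:", complete_reset("alice", tok, "new-pass"))
    print("second use ok:", complete_reset("alice", tok, "again"))
```

The `now` parameter exists only so the expiry logic can be exercised deterministically; production code would leave it at the default clock. A help desk that still handles the residual cases (lost second factor, locked account) should see far fewer tickets once this flow is in place.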

Account Mobility

A key requirement for the identity management strategy is for user accounts to remain mobile.  Employees are constantly moving around an organization and many users now travel as part of their business roles, connecting to business resources from different access points. It is essential that a user’s identity moves as he or she moves. Users must also be given the same level of access however and wherever they connect to the business network.  The identity management infrastructure must be flexible to accommodate this type of mobility.

Web Services

The identity management infrastructure must also be open and extensible to support future Web services and integration with other business environments.  Although standards for the architecture are still emerging, Web services security will enable a user to securely access multiple websites using the same user identity, requiring business technology to be interoperable.