Identity management in action

It's an ambitious undertaking, but building an identity infrastructure delivers real rewards.

Think you're ready to deploy IDM (identity management) in your organization? John Aisien, vice president of marketing at IDM vendor Thor Technologies, won't kid you about the realities.

"Identity management is by definition hard, and anyone who says otherwise doesn't have enough experience doing it," Aisien says. "You have to centrally manage multiple applications and platforms that were not designed to be managed centrally. The technology lets us do that, but it's not easy." It's also usually anything but cheap. Costs vary widely, based on the size and complexity of the organization and the kinds of services it implements. Throwing federation into the mix complicates matters further.

Most companies are loath to talk about how much they've actually spent or to quantify the return on their investment. For large or complex organizations, however, it's safe to say that implementing IDM can take years and cost many thousands of dollars. Aisien says his firm's customers typically have revenues of US$1 billion or more and pay a minimum of $100,000 in annual license fees.

IDM is not for the faint of heart.

Nonetheless, The Radicati Group projects that the worldwide identity management market will grow from around $1.2 billion in 2005 to more than $8 billion by 2009. It's not hard to see why when the potential benefits are so compelling.

Big money, big returns?

"Security is not the number one reason why we adopted [identity management], but it's a really nice side effect," says Paul Beaudry, director of technical services for James Richardson International (JRI). The agribusiness giant uses Novell Identity Manager and a home-grown portal app to provide SSO (single sign-on) for its financial, database, and ERP applications.

Before implementing its system, JRI's 800-plus computer users had multiple user names and passwords "written on sticky notes pasted to their keyboards," Beaudry says. Now each has a single portal ID and password, and users are prompted to change their log-ins every 90 days. In addition to facilitating smarter security policies, SSO can also provide real cost savings. By reducing the volume of IT help desk calls from users who forget their passwords, SSO can save companies an estimated $15 to $30 per call.

According to Tim Callahan, group vice president in charge of access control and support services at SunTrust Banks, nearly a thousand bank employees used to spend part of each day retrieving or resetting users' passwords -- the equivalent of 60 full-time positions. Since implementing an IDM suite from Courion, the company has slashed that number by 75 percent.

But the biggest return comes from provisioning -- automating the process of creating accounts for new hires, changing access levels as employees change jobs, and shutting off accounts when employees leave the company.

Prior to using Courion, it could take as many as 10 days to get new hires fully up and running at SunTrust, Callahan says. Now, the provisioning process takes less than a day. And when SunTrust needed to consolidate employees from 28 recently acquired companies into one unified entity, the Courion software was invaluable.

When SunTrust acquired National Commerce Financial (NCF) in October 2004, for example, Callahan says the bank was able to map most of NCF's employees to roles it had already created. "Rather than coming over haphazardly and ugly, they came over in a clean fashion," he says. "Instead of pulling aside your entire IT department for months to integrate a company you've just acquired, you can enable it to happen in a couple of days automatically," says Courion president and CEO Chris Zannetos. Indeed, he says, making it easier to assimilate large numbers of new employees is one of the key drivers behind IDM systems.

Like many people interviewed for this InfoWorld story, SunTrust's Callahan is reluctant to reveal the exact cost of his IDM project. Although he says it's "less than seven figures", he estimates that having an identity infrastructure saves the company $2 million a year on provisioning and password management alone.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark