CIO Enterprise Identity Project Approaches
The Enterprise Identity Management project is all about automating business processes and synchronizing identity-related information across the enterprise.
Why do we need Identity Management?
Identity management is necessary to support a strong and flexible security framework. A large share of system and data exposures come from improperly managed rights and entitlements: accounts that were never revoked and permissions that outlived the job that justified them. Many companies lack the identity-related controls needed to govern access to services, devices, applications, and data. Properly securing an enterprise today means implementing automated processes and procedures for granting and revoking access to company resources. A well-implemented identity management system gives staff the means to control, enforce, and monitor access to those resources. It also produces the access records needed to monitor use and to demonstrate compliance to Sarbanes-Oxley auditors.
Identity Related Access
Control of employee, supplier, and partner access is often far from perfect. Terminated contractors and employees may retain access to company resources long after they have officially left the company. The credentials that employees and contractors need to perform their normal tasks are frequently so numerous that they write them down and keep them in or near their workspace. Securing the enterprise means providing a process or framework that synchronizes employee, supplier, and partner identities across all systems, so that a change in the authoritative source (for example, a termination recorded in the system of record) reaches every system that grants access. An intelligent identity management system provides the means to achieve a high degree of security and a defined level of trust while still allowing employees, suppliers, and business partners to reach the company resources they need.
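The stale-access problem described above can be checked for mechanically once the identity data is available in one place. The following is an added example, not code from the original article: a reconciliation pass that compares an export from the people system of record against per-system account inventories and flags every enabled account that belongs to a terminated person or to nobody at all. The record layout, field names, system names, and sample data are all constructed for illustration.

```python
"""Reconcile per-system accounts against the people system of record.

Added example, not from the original article. The export format, field
names, system names, and all sample data below are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Person:
    person_id: str
    status: str                             # "active" or "terminated"
    termination_date: Optional[date] = None


# Constructed system-of-record export: who is entitled to hold accounts.
PEOPLE = [
    Person("e1001", "active"),
    Person("e1002", "terminated", date(2024, 3, 31)),
    Person("e1003", "active"),
]

# Constructed account inventories, one per target system:
# system name -> {account id: enabled?}
SYSTEM_ACCOUNTS = {
    "ldap":    {"e1001": True, "e1002": True, "e1003": True},
    "vpn":     {"e1001": True, "e1002": True, "svc-backup": True},
    "payroll": {"e1001": True, "e1003": False},
}

# Date the reconciliation is run (constructed).
AS_OF = date(2024, 4, 30)


def find_stale_access(people, systems, as_of):
    """Return (system, account, reason) for every enabled account that
    either has no matching person or belongs to someone already terminated."""
    by_id = {p.person_id: p for p in people}
    findings = []
    for system, accounts in sorted(systems.items()):
        for account, enabled in sorted(accounts.items()):
            if not enabled:
                continue                    # a disabled account grants no access
            person = by_id.get(account)
            if person is None:
                findings.append((system, account, "orphan: no matching person"))
            elif person.status == "terminated":
                ended = person.termination_date
                if ended is None or ended <= as_of:
                    age = f"{(as_of - ended).days} days" if ended else "unknown time"
                    findings.append((system, account, f"terminated {age} ago, still enabled"))
    return findings


if __name__ == "__main__":
    for finding in find_stale_access(PEOPLE, SYSTEM_ACCOUNTS, AS_OF):
        print(*finding, sep="\t")
```

Run against the sample data, the pass reports the terminated user still enabled in LDAP and on the VPN, plus a VPN account with no owner in the system of record. The orphan case matters as much as the terminated one: an account nobody is accountable for is exactly what a departed contractor's shared login looks like.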
Best Approach to Identity Management
The best approach to an intelligent identity management framework is an open-system approach that uses standardized, readily available commercial components. The open-system approach creates an environment that is adaptable and enables the company to respond quickly to rapidly changing business conditions. It also provides a framework in which individual components can be replaced, maintained, or upgraded on demand with minimal or no impact on the overall system. Reducing reliance on any one vendor or technology brings a further benefit: a buffer against technological change and vendor consolidation. Taken together, the framework and methodology reduce the risk associated with implementing or changing components.
Considering the cost and complexity of integrating identity repositories across the enterprise, an open, flexible system that reuses readily available components is an ideal solution to a very complex problem. Identity-related processes require communication between technologically diverse identity repositories, applications, and processes. Each application and identity repository is designed for a specific purpose and not necessarily to integrate with other solutions, so integrating these diverse repositories with ongoing business processes is a difficult and complex task. The ideal solution is to integrate the applications, identity repositories, and business processes through a common, robust, and scalable transport for exchanging information. Enabling applications, legacy systems, and business processes to exchange information in a common and reliable manner is a necessity for meeting long-term business needs. This transport must provide guaranteed data delivery regardless of network changes or outages, and it must also provide a level of abstraction from the diverse identity repositories and processes behind it.
Service Oriented Architectures (SOA)
With increasing acceptance of and reliance on SOA (Service-Oriented Architectures), Web Services, middleware messaging, and database solutions, these technologies have become common components of many enterprises.
The loosely coupled nature of Web Services provides a flexible, component-based, open, extensible, and reusable solution. Web Services also enable platform- and application-independent exchange of information over HTTP. However, if there are unexpected network connectivity issues, does the client have a mechanism to guarantee that any and all data will be delivered to the Web service? No matter how good your network is, there is always a chance that critical data will be lost for a variety of reasons. Web Services by themselves cannot provide the guaranteed data delivery that today's demanding business environments require. Reliable-messaging extensions such as WS-ReliableMessaging add acknowledgement and retransmission to SOAP, but only when both endpoints implement them; a plain HTTP request that fails during an outage is simply lost unless the application itself is designed and developed to queue and retry it.
Data exchange can also be achieved with database replication: the client inserts data into a local operational database, and it is eventually replicated to the central subscriber. This requires a local database on every server and a replication mechanism, developed or bought, to provide delivery. It is rarely the best solution, since it takes extra effort to configure, maintain, and monitor, and those capabilities are already provided by middleware messaging products.
Middleware Messaging Transport Service
The middleware messaging transport service provides a layer of abstraction between applications, identity repositories, and business processes, together with the guaranteed data delivery that is so crucial in today's enterprise environments: a message accepted by the transport is persisted and retried until the consumer acknowledges it, so an outage delays delivery rather than losing it. This makes it the ideal foundation for open, extensible, and flexible identity management solutions, and it also provides an effective integration point for outside vendors and suppliers. One caveat a practitioner should design for: guaranteed delivery in practice means at-least-once delivery, so a consumer can see duplicate messages and, after an outage, events arriving out of order. Each repository must therefore apply identity events idempotently and must never let a replayed grant override a later revoke. Of the options discussed here, message-oriented middleware is the most open, extensible, and scalable way to exchange information.
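To make the guaranteed-delivery argument of the two sections above concrete, the following is an added example, not the article's or any vendor's code. It models a durable outbox (sqlite-backed, so it runs offline) with the semantics the text attributes to middleware messaging: an identity event is persisted for every subscriber before the producer returns, an unreachable subscriber's copy stays queued and is retried, and each target repository applies events idempotently with a per-user version so a replayed grant cannot undo a later revoke. The event layout, subscriber names, and outage simulation are constructed for illustration.

```python
"""Store-and-forward delivery of identity events through a durable outbox.

Added example, not the article's or any vendor's code. An event accepted
from the producer is persisted until each subscriber acknowledges it, so
an outage delays delivery instead of losing it. The event layout, the
subscriber names and the outage simulation are all constructed here.
"""
import json
import sqlite3


class OutageError(Exception):
    """Stands in for a network failure while reaching a subscriber."""


class Outbox:
    """Durable queue: one row per (event, subscriber) until acknowledged."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS outbox ("
                        " seq INTEGER PRIMARY KEY AUTOINCREMENT,"
                        " subscriber TEXT NOT NULL, event TEXT NOT NULL,"
                        " acked INTEGER NOT NULL DEFAULT 0)")
        self.db.commit()

    def publish(self, event, subscribers):
        """Persist the event for every subscriber before returning to the caller."""
        payload = json.dumps(event, sort_keys=True)
        self.db.executemany("INSERT INTO outbox (subscriber, event) VALUES (?, ?)",
                            [(s, payload) for s in subscribers])
        self.db.commit()

    def deliver(self, handlers):
        """One delivery pass in sequence order; returns how many rows were acknowledged."""
        rows = self.db.execute("SELECT seq, subscriber, event FROM outbox"
                               " WHERE acked = 0 ORDER BY seq").fetchall()
        acked = 0
        for seq, subscriber, payload in rows:
            try:
                handlers[subscriber](json.loads(payload))
            except OutageError:
                continue                 # row stays unacked and is retried next pass
            self.db.execute("UPDATE outbox SET acked = 1 WHERE seq = ?", (seq,))
            acked += 1
        self.db.commit()
        return acked

    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM outbox WHERE acked = 0").fetchone()[0]


class Repository:
    """A target identity store with an idempotent consumer.

    Guaranteed delivery is at-least-once: duplicates and, after an outage,
    out-of-order events are possible. Each event carries a per-user version
    and anything not newer than the last applied version is ignored, so a
    replayed 'grant' can never undo a later 'revoke'.
    """

    def __init__(self, name):
        self.name = name
        self.reachable = True
        self.access = {}                 # user -> enabled?
        self.version = {}                # user -> last applied event version

    def handle(self, event):
        if not self.reachable:
            raise OutageError(self.name)
        user, version = event["user"], event["version"]
        if version <= self.version.get(user, 0):
            return                       # duplicate or stale event: no change
        self.version[user] = version
        self.access[user] = event["action"] == "grant"


def run_scenario():
    """Revoke a departed user's access while one target system is unreachable."""
    ldap, vpn = Repository("ldap"), Repository("vpn")
    handlers = {"ldap": ldap.handle, "vpn": vpn.handle}
    box = Outbox()
    box.publish({"user": "e1002", "action": "grant", "version": 1}, list(handlers))
    box.deliver(handlers)
    vpn.reachable = False                # simulated network outage
    box.publish({"user": "e1002", "action": "revoke", "version": 2}, list(handlers))
    box.deliver(handlers)                # ldap revoked; the vpn row stays queued
    pending_during_outage = box.pending()
    vpn.reachable = True
    box.deliver(handlers)                # retried and acknowledged once the network is back
    vpn.handle({"user": "e1002", "action": "grant", "version": 1})   # replayed old grant
    return {"pending_during_outage": pending_during_outage, "pending_after": box.pending(),
            "ldap_enabled": ldap.access["e1002"], "vpn_enabled": vpn.access["e1002"]}
```

While the VPN system is down, `run_scenario` shows one row still pending and the LDAP account already revoked; once the subscriber is reachable the queued revoke is delivered, and the replayed grant is rejected by the version check, leaving the account disabled in both stores. A real deployment replaces the sqlite outbox with a broker offering the same persistence and acknowledgement semantics, but the consumer-side rules (idempotency and a version or timestamp that orders grant and revoke) are what keep a retried message from becoming a security hole.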
Several of the more popular middleware vendors are listed below.
The middleware messaging transport service provides the support infrastructure that lets integration teams focus on business logic rather than on developing custom transport solutions or components. That abstracted environment is also the right foundation for building effective, open, and extensible identity management solutions. For more information on how to use middleware messaging to support your identity management initiatives, please visit WWW.EAISimSolutions.com
EAI SIM Solutions was founded by Bill Brant. EAI SIM Solutions can help you implement flexible, extensible identity management solutions, enabling you to enforce strong processes that enhance internal security and accountability throughout the enterprise.