Identity Management
Burntsand has been providing consulting and solutions to our customers in the area of Identity for the last ten years. Primarily based in our expert knowledge of Directory Services, interoperability of user information between diverse systems, security and systems administration, our evolution to Identity Management consulting started long before the term was as wide spread as it is today.
The rapidly growing amount of applications in today’s Information Technology environments, supporting business functions like ERP, CRM, HRMS and many specialty requirements that provide a foundation for reaching prospects, customers, partners, suppliers, consultants, contractors, and other vendors, all in support of the company’s Strategic Business vision. Managing who accesses what resources within these complex environments is the foundation of Identity Management and is being influenced by a number of trends and facts.
Regulatory Compliance
Regulatory Compliance has become one of the latest elements in the decision making process within most organizations. Legislated compliance like Sarbanes-Oxley in the US, the European Union Directive on Data Protection, Freedom of Information and Protection (FOIP) Act in Canada, Health Information Portability and Accountability Act (HIPPA) and other industry specific requirements for protecting the privacy and confidentiality of information, has demanded a more rigorous approach to who has privileges to access what information. Additionally the need to audit and report on access information is stronger now than ever before.
User Flexibility
User Flexibility on how, when and from where we access information and applications is also driving the need for more stringent control and auditing of access information. Gone are the days of grouping users into a few categories, or providing shared access credentials. The user community has grown to include contractors and vendors, access points are from both inside and outside the firewall and more granular management of access privileges is driving the need for precise and accountable solutions to manage the flexibility that users are demanding. The workforce is also changing constantly: people change roles within the organization, partners could become the competition, plus there is a constant change requirement for identity information as people come and go, move, change marital status and similar activities.
Provisioning users
Provisioning users across multiple systems and applications has been a perennial issue within most organizations. Variance in naming conventions, user identity collisions, and manual processes can be overwhelming. This coupled with the inevitable human element that inputs the same data differently in disparate systems, or more commonly, is forced to enter the same data differently, has created a situation that is very difficult to undo. When you add in the need to provision users quickly because of a special project, merger or acquisition, the need to gain tighter control of the provisioning process and workflow is especially apparent. As equally important is the need to have an effective de-provisioning process to protect the information resources within the company.
These are just a few of the considerations when looking at a potential Identity Management Solution. Some others are increasing information security, more efficient processes, improving quality of service, and, ultimately, reducing expenses.
Identity Management Business Drivers
Often IT investments in the area of security management are considered much like insurance policy, and the return on investment is only considered from a perspective of the potential cost of a security or data beach, of the negative publicity that may be associated with such an occurrence. Identity Management however does have a measurable benefit beyond the avoidance of "what might have happened" scenarios.
There is a balance that needs to be maintained in IT environments between the ever increasing demands to open the business up, make information more available anyplace, anytime and the need to control costs, complexity and conform to the growing demands of regulatory compliance. Identity Management solutions help in managing this imbalance while delivering a very compelling ROI model.
Operational Efficiency
The ability to effectively provision, maintain and de-provision users and their associated information and security in a typical enterprise where the average user requires access to six applications, and who not only needs to be provisioned as a new employee but also when they change roles and responsibilities is not a small task, even though it may only take five minutes to provision one new user. Add to this external access for partners and contractors and this relatively simple sounding process can occupy hours of IT time each month. Identity Management can automate and simplify these processes, and provide a consistent authoritive source for user information to the enterprise. The cost savings associated with this consistency varies from company to company but the positive impact on operational overhead is unquestionable.
Security Benefits
It is important to stress that the gains in increased operational efficiency do not compromise information security. Identity Management lessens the risk associated with many of today’s well known security risks including identity theft, insider and disgruntled employee security breeches, regulatory requirements for improved security, extended enterprise access and even cyber terrorism. Gartner Group estimates that 70 percent of unauthorized information access is not from external intruders like hackers but from employees. Add to this the legislative and regulatory requirement for tracking and auditing access to information and applications, the need for a well managed Identity Management solution becomes even more obvious.
New Business Initiatives
Whether the requirement is to provide authorized remote access to an application by a customer of partner, or allowing employees to more effectively work from a home office or hotel room, Identity Management provides effective administration of access privileges while maintaining security in any successful virtual enterprise.
Burntsand Identity Management Solutions
Burntsand has over ten year experience in the technologies that have become known as Identity Management. We offer consulting services in several areas that will assist our customers in realizing the importance and benefits of a well established Identity program. Some of these services are:
- Assessment Services. With most projects of this nature it is critical to consultants, and our clients, to understand the current state of the associated technologies and determine from that the best path to achieve their desired goals. These activities include a review of all current directory services, provisioning processes, service desk calls related to Identity Management (including password resets), and similar items. Also included could be a review of current or planned initiatives related to information access, regulatory requirements and information security policy related to access and authorization.
- Directory Consolidation. Often the first step in building a solid foundation to support an Identity Management Solution, rationalizing and consolidation of Enterprise Directory Services provides a well planned and manageable base of authoritive user information. This coupled with consistent naming conventions for all directory services make directory consolidation a useful and valuable exercise in conjunction with an Identity Management initiative or as a standalone project.
- Process Analysis and Requirements Gathering. As part of most initiatives of this nature, Burntsand has a number of experienced consultants that can assist our clients in analyzing their current processes in relation to provisioning and Identity Management, and help re-design if required. Our typical approach would be through the use of workshops and interviews with both IT personnel and business. We model our recommendations to make the best use of the existing environment using a framework based on ITIL (Information Technology Infrastructure Library) best practices and continuous improvement.
- Development and Deployment Services. Identity Management solutions become a hub for the management of users and user access information across a variety of enterprise systems and applications. Many ID Management products come with a set of integration tools and APIs to facilitate this interaction. Burntsand can offer consulting, training and development services in this area along with deployment of Identity Management tools.
About Burntsand
With a unique focus on helping clients unify information to increase agility, Burntsand is a North American leader in the delivery of systems integration consulting services. Burntsand partners with leading enterprises to achieve their Integrated Information Management goals through the delivery of Enterprise Content Management, Collaboration, Enterprise Operations & Service Management, and Customer Relationship Management solutions. Burntsand's Time to Value approach makes the firm different: it gives customers an edge, helping them realize near-term business benefits and long-term competitive gains. The company's distinguished partner status with EMC, Microsoft and BMC reflects its business maturity and sustained technology depth. Headquartered in Toronto, Burntsand operates from locations across North America. The company's shares (TSX: BRT) are traded on the Toronto Stock Exchange.
