Finding Opportunities In Identity Management

What's more, good security practices dictate complex passwords that need to be changed often, and remote-access requirements add to the complexity with VPNs and certificate-based technologies.

All of these elements added together demonstrate the complexities of identity management, and those complexities increase the cost of secure systems, especially in the administrative areas.

Those issues create opportunities for security-focused integrators selling identity management solutions. One simply has to look at the costs associated with supporting users to clearly identify the common problems, such as lost passwords and user-access issues, which quickly add up to significant support costs. That becomes the key catalyst for implementing identity management solutions.

Some elements of identity management can be easily identified and implemented. VARs looking to demonstrate the immediate benefits need only turn to single sign-on (SSO) solutions. SSO consolidates identities and passwords into a single repository that can be accessed by operating systems and applications. The key benefit to SSO is that users only need one set of credentials to access a particular line of business systems, which brings convenience to the user while reducing help-desk calls regarding user-access issues.

Some may find that password synchronization will adequately address those same issues. Password synchronization automates the task of keeping passwords the same across various systems,for example, keeping a user's password the same on an LDAP-based security system, Active Directory and a RADIUS server.

But password synchronization increases administrative overhead, compared with SSO technologies, because someone still has to create the primary user accounts on each security system. In other words, an administrator still will be responsible for adding the same user to multiple systems and maintaining those accounts. Some password-synchronization products do help to ease that process. From the user's point of view, independent logins to various systems will still be required, but the task of remembering separate passwords is eliminated.

Password problems are the bane of many help desks. Resetting passwords can be time-consuming and complex, depending upon the security policies in place. That burden can be eliminated with password-reset technologies, which allow users to reset their own passwords. Typically, a user accesses a password-reset application through a browser or telephone using interactive voice response. Users are then authenticated with questions to which only they know the answers.

Access management products also help administrators effectively manage users. Those products empower administrators by centralizing user management. An effective access management system incorporates multiple methods of authentication to verify the user, including passwords, digital certificates or hardware or software tokens. What's more, most access management systems give administrators the ability to delegate management roles, allowing business managers and other support personnel to assign permissions and policies. On the flip side, administrators will still have the ability to quickly rescind user and group privileges to various resources.

Adding biometrics to the mix brings additional convenience to both users and support staff. Once users are moved over to technologies that combine biometrics with SSO technologies, almost all support issues surrounding identity problems should vanish. Furthermore, combining identity management systems with biometrics can create a highly secure environment, especially if a PIN is added to the access process. That combination offers ease of use and ensures that users have the key elements to secure access: something they possess (a biometric element) and something they know (a PIN).

All things considered, once identity management is demystified, solution providers should meet little resistance selling those solutions to customers both large and small.