Automate Information Access with Identity Management

Overview

Challenge

To reduce operational costs and improve efficiency, today's extended enterprise needs to provide its employees, customers, and business partners with secure access to its information assets. These days, access to corporate applications, Web sites, and services can often take place from outside the office—from home computers and mobile devices such as PDAs and cell phones, for example. Providing users across the organization and beyond with appropriate access can carry the twin burdens of rising IT costs and security risks.

To illustrate, as a large company hires, promotes, and transfers employees throughout multiple offices (which can often be spread across different countries), thousands of user-access change requests are made to groups such as human resources, finance, telecommunications, security, and IT. Each of these groups must manually update various databases and application directories to reflect the impact of changes to individual employees. Provisioning and de-provisioning employees as they join and leave can require significant manual coordination to ensure that changes are implemented across the company's various disconnected databases and directories. Keeping these distinct user identities and levels of authorization in sync increases management costs, regulatory compliance risks, and security risks.

To amplify these issues, META Group research¹ shows that during a one-year period within a typical 10,000 user organization:

48 percent of helpdesk calls are related to password resets

54,180 employee-hours are spent administering users, user stores, and authentication and entitlement

2,666 employee-hours are spent logging on to applications

¹META Group research conducted on behalf of PricewaterhouseCoopers, June 2002.

Solution

An integrated identity management solution provides a unified view of the user across the organization. It enables companies to build a secure environment for managing user identities, authentication methods, and access rights.

The Microsoft solution for identity and access management includes:

Solution Components That Provide...

Technologies

A centralized, unified console for managing user identities. Enable organization-wide user verification and authorization from a single point of access.

Self-service password management features. Employees may change and synchronize their own passwords across all directories, without calling the IT group.

Single/reduced sign-on capabilities. Allow users to access corporate-wide applications, Web sites, and services without entering (and remembering) multiple passwords.

Integrated authentication. Use Kerberos encryption, X.509 public key infrastructure (PKI) certificates, Lightweight Directory Access Protocol (LDAP), and Web-based authentication to prove user identities and assure privacy.

Lower regulatory compliance risks. Ensure the confidentiality and privacy of the data with which employees are working.

Interoperability with multiple platforms. Integrate user identity information across multiple repositories, systems, and platforms (including legacy platforms) in a timely manner.

Partners

Needs assessment

Best practices and design strategies

Customization and development

Implementation services

Infrastructure maintenance

Value-added features and functionality

and more...

Best Practices

Lab-tested, customer-proven technical guidelines for planning, designing, and implementing the solution

Benefits

Reducing costs by:

Minimizing helpdesk calls related to password resets.

Decreasing time spent administering users, user stores, authentication, and entitlement.

Providing self-service capability to your employees, customers, and partners.

Reducing risk by:

Providing employees, partners, and/or customers appropriate access to information based on centralized authorization rules.

Automating the provisioning and de-provisioning of user accounts.

Enabling organizations to meet privacy, authentication, and authorization requirements of government or industry regulations.

Utilizing strong authentication mechanisms such as smart cards, biometric devices, and Public Key Infrastructure (PKI).

Utilizing strict account policy enforcement involving passwords.


