I wanted to talk a little more about the CIdO and how the Identity Management department should work a given organization.
First off, I do not believe that IT should be a part of the IdM department. In my view, the IT Department is more of an infrastructure group that supports all parts of the enterprise. I'm not dismissing IT here. While other departments conduct, support, organize and regulate the organization, it is IT that enables the organization. In today's world Information Technology is essential to all organizations in the 21st century.
That being said, I believe that the IdM department should include Human Resources, Information Security and Audit as well as the Physical Access Control group if the organization is so equipped.
I'm pretty sure that this combination will not work for the CIdO of every organization, and I don't even think that this is my final thought on what should be in the IdM department. However, I think that this helps to further define the organization.
Next time, I promise to start the process discussion...
Tuesday, June 13, 2006
Sunday, June 11, 2006
New Things
I changed the look and feel of the blog. Added some more information. I hope you like it.
While on the topic of new things... The company I work for, MaXware, has released a new product, and best of all for a limited time it is free!
DSE Lite is a great A to B synchronization tool that is based on the MaXware Data Synchronization Engine. It's a great way to get introduced to the MaXware Identity Management Suite, this offer is good until July 31, 2006. Here is more information on how DSE and DSE Lite compare.
While on the topic of new things... The company I work for, MaXware, has released a new product, and best of all for a limited time it is free!
DSE Lite is a great A to B synchronization tool that is based on the MaXware Data Synchronization Engine. It's a great way to get introduced to the MaXware Identity Management Suite, this offer is good until July 31, 2006. Here is more information on how DSE and DSE Lite compare.
Saturday, June 10, 2006
Identity Ownership
One of the things that you will notice about my entries is that I am concerned with how the concepts of Identity and its management fit into the enterprise. I'll be focusing on this question from time to time since.
I am constantly thinking about how to make Idenitty Management a larger part of the enterprise, not only becuase it makes sense from security and compliance, but because good, clean, organized IdM data results in a better running organization
Identity Management must be a well defined process (more on this later) and it's interesting that while we seek to reduce errors and and mismatched data and increase compliance, there's no real Department of Idenity or CIdO in an organization. I believe that as we further define this relationship we will see this person more often. I believe we are seeing this now as more and more organizations create "Compliance Officers" and the like. Indeed, with the coming of increasingly stringent regulations and the direct penalities on organizations and their officers, I think this is a lock.
Anyway, in seeking to define this, I believe that the enterprise needs to figure out how to properly integrate Identity Managment in the organization. Right now, several parts of the enterprise are involved in IdM, Human Resources, Corporate Security, Finance, and of course, IT. This makes the adoption of any IdM infrastructure difficult at best.
There are a lot of players here not all of which have simiar needs. Who owns the process? Who pays for it? Who is getting the most out of the implementation?
Naturally, these questions will have different answers in every organization. Lacking a CIdO, there will need to be a very careful assessment of ownership and responsibility which will depend upon at least
- Exisisting Infrastructure
- Exisiting tools (HR, ERP, etc)
- Size of the organization
- Industry type (dictates comliance needs)
Once that's done, we can start the process discussion...
Subscribe to:
Posts (Atom)
