Saturday, June 10, 2006

Identity Ownership

One of the things that you will notice about my entries is that I am concerned with how the concepts of Identity and its management fit into the enterprise. I'll be focusing on this question from time to time since.

I am constantly thinking about how to make Idenitty Management a larger part of the enterprise, not only becuase it makes sense from security and compliance, but because good, clean, organized IdM data results in a better running organization

Identity Management must be a well defined process (more on this later) and it's interesting that while we seek to reduce errors and and mismatched data and increase compliance, there's no real Department of Idenity or CIdO in an organization. I believe that as we further define this relationship we will see this person more often. I believe we are seeing this now as more and more organizations create "Compliance Officers" and the like. Indeed, with the coming of increasingly stringent regulations and the direct penalities on organizations and their officers, I think this is a lock.

Anyway, in seeking to define this, I believe that the enterprise needs to figure out how to properly integrate Identity Managment in the organization. Right now, several parts of the enterprise are involved in IdM, Human Resources, Corporate Security, Finance, and of course, IT. This makes the adoption of any IdM infrastructure difficult at best.

There are a lot of players here not all of which have simiar needs. Who owns the process? Who pays for it? Who is getting the most out of the implementation?

Naturally, these questions will have different answers in every organization. Lacking a CIdO, there will need to be a very careful assessment of ownership and responsibility which will depend upon at least

  • Exisisting Infrastructure
  • Exisiting tools (HR, ERP, etc)
  • Size of the organization
  • Industry type (dictates comliance needs)

Once that's done, we can start the process discussion...

No comments: