Identity Management Strategy

Before seeking an Identity Management (IDM) solution, an organization must define its business strategy in the context of IDM. Some organizations require multiple credentials to log in to the multiple systems in their landscape. Most federal government organizations believe that the system landscape is much more secure when each system in the landscape has its own authentication scheme. To amplify that point, each user of the systems in the landscape will have 5-6 credentials: one login credential for the desktop, one for email, one for using the internet, one for using the systems, one for using HR systems, and so on. The idea behind this is that if one system's security is compromised, it will not impact the other systems. At the same time, each user is asked to remember 5-6 user names and passwords. Users tend to forget their user names and passwords and require more help desk personnel, which increases the overall support cost.

On the other hand, when an organization needs to provide ease of use for the systems in its landscape, it moves towards single sign-on (SSO), and the security architecture principle is one user, one identification. The risk with this approach is that if one system is compromised, all the systems in the landscape will be compromised.

For each scenario, there is an entirely different identity management solution. IDM includes:

  • User provisioning
  • User management
    • Role Management
    • Audit Control
  • Access Management
    • Authentication
    • Authorization
  • Directory services
  • Workflow
  • Federation
  • User de-provisioning

The components of IDM align to the process steps I laid out for IDM a few months ago.

An Identity Management solution can be simplified when the existing, must-have directory service is extended for use in other areas. That is, when an organization uses Active Directory as the authentication scheme for its desktops, laptops and PCs and there is no plan to change it, the recommendation is to study how Active Directory can be made available for other areas, such as authentication for web applications, email, and so on.

Takeaways:

  1. Define the identity management direction based on business strategy (in the context of IDM)
  2. Leverage the existing, must-have directory service
  3. Select a product (for instance Sun Identity Management) which integrates with the directory service, user management, and open standards for workflow, provisioning and de-provisioning
  4. Based on the IDM direction, synchronize the credentials (like email, desktop login, Unix server login, mainframe login, HR system login, benefits system login)
  5. Manage the user entry and exit process in a cohesive manner and automate the creation and deletion of credentials in all areas.
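Takeaways 2 and 5 combined, as an added example that is not part of the original post: a reconciliation pass that treats the directory as the source of truth and lists which per-system credentials to create or disable. The directory layout, account lists, user names and action labels are all constructed assumptions for illustration, not the format of any particular IDM product.

```python
# Constructed sample data: the authoritative directory (who is active and
# which systems they are entitled to) and the accounts found on each system.
DIRECTORY = {
    "asmith": {"active": True,  "systems": {"email", "hr", "unix"}},
    "bjones": {"active": False, "systems": {"email", "hr"}},  # has left
    "cwong":  {"active": True,  "systems": {"email"}},
}
SYSTEM_ACCOUNTS = {
    "email": {"asmith", "bjones", "cwong"},
    "hr":    {"asmith", "bjones", "cwong"},
    "unix":  {"olduser"},  # account with no directory entry at all
}


def reconcile(directory, system_accounts):
    """Return a sorted list of (system, user, action) tuples.

    action is "create" for a missing credential, or "disable:<reason>"
    for a credential that the directory no longer justifies.
    """
    # Cover systems named in entitlements even if no account list was supplied.
    systems = set(system_accounts)
    for rec in directory.values():
        systems |= rec["systems"]

    actions = []
    for system in sorted(systems):
        present = system_accounts.get(system, set())
        entitled = {u for u, r in directory.items()
                    if r["active"] and system in r["systems"]}
        for user in sorted(entitled - present):
            actions.append((system, user, "create"))
        for user in sorted(present - entitled):
            rec = directory.get(user)
            if rec is None:
                reason = "disable:orphan"        # unknown to the directory
            elif not rec["active"]:
                reason = "disable:leaver"        # exit process missed this system
            else:
                reason = "disable:not-entitled"  # active user, access not granted
            actions.append((system, user, reason))
    return actions


if __name__ == "__main__":
    for system, user, action in reconcile(DIRECTORY, SYSTEM_ACCOUNTS):
        print(f"{system:6} {user:8} {action}")
```

The `disable:leaver` and `disable:orphan` rows are the ones an audit of the exit process cares about: credentials that outlived the identity that justified them.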


An Evaluation Matrix for an Enterprise Architect

Sometimes a simple concept may be crystal clear in your mind but difficult for the audience to grasp. Enterprise architects must continuously work on their soft skills to communicate a message successfully, irrespective of the audience's knowledge level. In that regard, an evaluation matrix for an enterprise architect is given below.

  • Performs the necessary action to meet the given objective but is unable to communicate to the necessary stakeholders = FAILED, as an enterprise architect, to meet the mission
  • Does not perform the necessary action to meet the given objective and is unable to communicate to the necessary stakeholders = FAILED, as an enterprise architect, to meet the mission
  • Does not perform the necessary action to meet the given objective = FAILED, as an enterprise architect, to meet the mission
  • Performs the necessary action to meet the given objective and is able to communicate to the necessary stakeholders = SUCCESSFUL, as an enterprise architect, in meeting the mission

An enterprise architect must possess a set of soft skills to be successful. An enterprise architect must be able to connect to the application team, infrastructure team, IT finance team, IT procurement team, business teams, senior management, executive management and others.

How can EA assist in the global economic crisis?

Economists and financial analysts say the current economic condition is the worst since the Great Depression. The crisis exists on all fronts. The magnitude of the global issues is very high. Financial and economic growth does not look bright in the near future. Companies are looking for cost optimization and eliminating discretionary spending in all areas.

Enterprise architects can play a significant role in any organization in optimizing the current spend and providing fact-based data to eliminate discretionary spending. Enterprise architects are the best qualified and best suited people to perform this role, since they have a holistic view of the organization from the financial, organizational, application, business, information and infrastructure perspectives.

Potential cost optimization areas where enterprise architects can assist an organization

  • Contract negotiation with existing providers (software, hardware, maintenance and enhancement, right sourcing, contractor, professional services)
  • Application portfolio assessment – Sunset or eliminate applications in the landscape that do not add significant value to core business processes
  • Technology simplification – Eliminate and reduce the technologies in the landscape
  • Sourcing strategy – Bundle the applications for a cost-effective service offering
  • Reduce technological complexity – Migrate enterprise software usage (like IBM WebSphere or BEA WebLogic, IBM DB2, Oracle, portal servers, etc.) to open source software
  • Maximize Web 2.0 technology for corporate collaboration – (Use wikis, blogs, YouTube, etc.)
  • Assist business teams in optimizing the business processes – reduce steps and in return reduce head count
  • Explore migrating current licensing models to term-based licenses to improve the organization's cash flow