CIO Enterprise Identity Project Approaches
The Enterprise Identity Management project is all about
automating business processes and synchronizing identity-related
information across the enterprise.
Why do we need Identity Management?
Identity management is necessary to support a strong and
flexible security framework. Most system and data
vulnerabilities come from improperly managed rights and
entitlements. Many companies do not have the necessary
identity-related security implementations to adequately control
access to services, devices, applications, and data. Properly
securing an enterprise today means implementing automated
processes and procedures for granting and revoking access to
company resources. Intelligent identity management
implementation will provide staff with the means to control,
enforce, and monitor access to company resources. Additional
benefits include access monitoring and proof of compliance for
Sarbanes-Oxley auditors.
Identity Related Access
Control of employee, supplier, and partner access can be far
from perfect. Terminated contractors and employees may have
access to company resources long after they have officially left
the company. Access credentials that employees and contractors
need in order to perform their normal tasks are frequently so
numerous that they write down their access codes and store them
in or near their workspace. Securing the enterprise means
providing a process or framework to synchronize employee,
supplier, and partner identities across all systems. An
intelligent identity management system provides the means to
achieve a high degree of security and a secure trust level while
allowing employees, suppliers, and business partners to access
company resources.
Best Approach to Identity Management
The best approach for an intelligent identity management
framework is an open system approach, which uses standardized,
readily available commercial components. The open system
approach creates an environment that is adaptable and enables
the company to respond quickly to rapidly changing business
environments. The approach also provides a framework in which
individual components can be replaced, maintained, or upgraded
on demand with minimal or no impact to the overall system.
Additional benefits are achieved by reducing reliance on any one
vendor or technology, and this provides a buffer against
technological change and vendor consolidation. This approach
allows the framework and methodology to reduce the risk
associated with implementing or changing components.
Implementation Methodologies
Considering the required cost and complexity of integrating
identity repositories in the enterprise, an open flexible system
that reuses readily available components is an ideal solution to
a very complex problem. Identity-related processes require
communication between technologically diverse identity
repositories, applications, and processes. Each application and
identity repository is designed for a specific purpose and not
necessarily designed to integrate with other solutions. However,
achieving the desired goal of integrating these technologically
diverse repositories with ongoing business processes is a
difficult and complex issue. The ideal solution is to integrate
the applications, identity repository, and business process by
using a common, robust, and scalable transport to exchange
information. Enabling applications, a legacy system, and a
business process to exchange information in a common and
reliable manner is a necessity to meet long-term business needs.
This technology must provide for guaranteed data delivery,
regardless of network changes or outages, and it must also
provide a level of abstraction from diverse identity
repositories and processes.
Service Oriented Architectures (SOA)
SOA (Service-Oriented Architectures), Web Services, middleware
messaging, and database solutions are increasingly accepted and
relied upon, and they are becoming common components in many
business enterprises.
Web Services?
The loosely coupled nature of Web Services provides a flexible,
component-based, open, extensible, and reusable solution. Web
services also enable platform and application-independent
communication methods of exchanging information over HTTP.
However, if there are unexpected network connectivity issues,
does the client have a mechanism to guarantee that any and all
data will be delivered to the Web service? No matter how good
your network is, there will always be a chance that critical
data can be lost for a variety of reasons. Web services by
themselves cannot provide the guaranteed data delivery that
today's demanding business environments require: on their own,
Web Services have no standardized mechanism for guaranteed
delivery across network outages unless the application itself is
specifically designed and developed with such a mechanism.
Why Not Database Replication?
Data exchange can also be achieved by using database
replication. The client can insert data into a local operational
database and it can eventually be replicated to the central
subscriber. In this case, application communication requires a
local database on every server; a replication mechanism that has
either been developed or bought will provide the delivery
mechanism. This may not be the best solution, as it requires
extra effort to configure, maintain, and monitor. These extras
are already provided by middleware messaging products.
Middleware Messaging Transport Service
The middleware messaging transport service provides a layer of
abstraction between the application, identity repositories, and
business process. It also provides the necessary guaranteed data
delivery service that is so crucial in today's enterprise
environments. The middleware messaging provides the ideal
environment to enable open, extensible, and flexible identity
management solutions. It also provides the necessary abstracted
environment for exchanging information between identity
repositories, processes, and applications, as well as providing
effective integration with outside vendors and suppliers. The
most open, extensible, and scalable method of exchanging
information is message-oriented middleware.
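The contrast drawn above between fire-and-forget Web Service calls and a messaging transport with guaranteed delivery comes down to two mechanics: a persisted outbox that survives outages, and a subscriber that tolerates redelivery. The Python sketch below is an added illustration, not code from the original article or from any of the vendors it names; the events, user names, and the simulated outage are constructed, and the directory "repository" is an in-memory stand-in.

```python
import sqlite3
# Constructed sample identity events (ids and user names are placeholders).
EVENTS = [
    {"id": "evt-1", "user": "alice", "action": "grant"},
    {"id": "evt-2", "user": "bob", "action": "revoke"},  # terminated contractor
    {"id": "evt-3", "user": "carol", "action": "grant"},
]

class DurableQueue:
    # Store-and-forward outbox: persisted before delivery, deleted only after acceptance.
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE outbox (id TEXT PRIMARY KEY, user_name TEXT, op TEXT)")
    def publish(self, event):
        self.db.execute("INSERT OR IGNORE INTO outbox VALUES (?, ?, ?)", (event["id"], event["user"], event["action"]))
        self.db.commit()
    def pending(self):
        return self.db.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]
    def deliver(self, subscriber):
        # Push queued events in order; on an outage stop and keep the rest queued.
        for msg_id, user, action in self.db.execute("SELECT * FROM outbox ORDER BY rowid").fetchall():
            try:
                subscriber({"id": msg_id, "user": user, "action": action})
            except ConnectionError:
                break  # not acknowledged: the event stays for the next attempt
            self.db.execute("DELETE FROM outbox WHERE id = ?", (msg_id,))
        self.db.commit()
        return self.pending()  # events still awaiting delivery

class DirectorySubscriber:
    # Identity repository side: delivery may repeat a message, so it is idempotent.
    def __init__(self, fail_once=()):
        self.accounts, self.seen, self.fail_once = {}, set(), set(fail_once)
    def __call__(self, event):
        if event["id"] in self.fail_once:  # constructed outage on this delivery
            self.fail_once.discard(event["id"])
            raise ConnectionError("simulated network outage")
        if event["id"] not in self.seen:  # duplicate redelivery is ignored
            self.seen.add(event["id"])
            self.accounts[event["user"]] = "active" if event["action"] == "grant" else "disabled"

def run_scenario():
    # Outage while delivering evt-2, a retry, then a duplicate redelivery of evt-2.
    queue, directory = DurableQueue(), DirectorySubscriber(fail_once={"evt-2"})
    for event in EVENTS:
        queue.publish(event)
    after_outage = queue.deliver(directory)  # evt-1 accepted; evt-2 and evt-3 still queued
    after_retry = queue.deliver(directory)   # retry drains the queue
    directory(EVENTS[1])                     # redelivered evt-2 changes nothing
    return after_outage, after_retry, directory.accounts
```

The revoke for the terminated contractor is neither lost during the outage nor applied twice on redelivery, which is the property a plain HTTP call to a Web Service does not give you without this extra machinery.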
Middleware vendors
Several of the more popular middleware vendors are listed below.
IBM's WebSphereMQ http://www-306.ibm.com/software/integration/wmq/
Tibco Rendezvous http://www.tibco.com/software/enterprise_backbone/rendezvous.jsp
SonicMQ http://www.sonicsoftware.com/index.ssp
Microsoft MSMQ http://www.microsoft.com/windowsserver2003/technologies/msmq/default.mspx
Conclusion
The middleware messaging transport service provides the
necessary support infrastructure that enables integration teams
to focus on business logic rather than on the development of
custom solutions or components. The abstracted environment also
provides the ideal environment to build effective, open, and
extensible identity management solutions. For more information
on how to use middleware messaging to support your identity
management initiatives, please visit WWW.EAISimSolutions.com