Lest you think these are rare situations, we asked our readers to estimate the number of Web resources their organizations offer authenticated users. Nearly half of our 307 respondents said they support more than 100 resources; 12 percent said they have more than 5,000 resources available. As you can imagine, this makes the second part of that equation--customizing access for top customers and partners and giving end users access to niceties like single sign-on and self-service functionality--a huge challenge.
This sad state is attributable to an overwhelming lack of technology integration and a failure of procedures and policies. As business units try to implement projects on tight budgets, it's easier to hire a consultant to build a standalone Web application than to work through the proper channels to integrate with an existing identity store. Most times, these seemingly insignificant projects happen without the consent or knowledge of the IT department and get on IT's radar only when security vulnerabilities or scalability problems arise.
What To Do?
Help is available in the form of identity- and access-management products. We tested five IAM suites; see "I Manage, Therefore IAM." The IAM product landscape has changed quite a bit in the past couple of years. In many cases, vendors that once focused on Web access control or identity management now provide software that addresses both. Here's a rundown of key concepts:
Identity management involves the creation, maintenance, teardown and overall management of identities within an organization. In other words, identity management deals with authentication, not authorization. Elementary? Not so. Identity management requires policy application and identity synchronization across multiple stores. These identity stores may be found within network OSs, database servers, directories, HR systems, business applications and e-commerce applications.