1.  HVL/Nulli Secundus 2001 Identity Management Guy Huntington, President HVL Derek Small, President Nulli Secundus

2.  HVL/Nulli Secundus 2001 Why Bother? Identity management leads to significantly reduced costs, improved service, increased productivity and competitive advantages over competitors E-business requires a high degree of system integration Identity management is the place to start in rethinking system workflows

3.  HVL/Nulli Secundus 2001 Identity Management Identity Management is the secure process of defining, creating, handling, updating and archiving core information about an individual

4.  HVL/Nulli Secundus 2001 Core Information Core information includes such basics as name (first, last, full name, common name), identification number(s), contact information, and any other information about an individual the enterprise deems important to securely gather, store, monitor and exchange portions of between systems

5.  HVL/Nulli Secundus 2001 But We Already Do That! You’re right…you do it potentially hundreds of different ways and that’s where the problems and opportunities are The ERP, HRIS, financials, payroll, data warehouses, CRM, marketing, sales, manufacturing, security, network, portals, contact management, e-mail, facilities and all your other 100-200 systems create, store, handle, archive and secure identities their own way

6.  HVL/Nulli Secundus 2001 Identity Universes Each application has a system of managing identities that lacked identity standards when they were built From an identity management perspective, each system in effect views itself as if the other systems don’t exist You might be surprised how much this approach is costing you in productivity, maintenance costs and competitive advantage

7.  HVL/Nulli Secundus 2001 Look-Ups & Org Charts Companies like Cisco and others have calculated the cost to their company in finding out who people are in the organization, their reporting structure and how to contact them The costs with their old legacy systems are in the tens of millions of dollars each year

8.  HVL/Nulli Secundus 2001 Not being able to find people instantly causes an even bigger hit in overall productivity Too much time is spent on trying to find information and people rather than dealing with the core tasks pertinent to achieving corporate goals Look-Ups & Org Charts

9.  HVL/Nulli Secundus 2001 New Hires Poor identity management for the new hire process is another big financial and productivity hit in corporations Often the new hire may take weeks and even months to get finished with all the 100- 200 business system registrations

10.  HVL/Nulli Secundus 2001 New Hires What is the cost to your corporation for every day, week and month of lost productivity for new hires? The costs can easily be millions or tens of millions of dollars annually

11.  HVL/Nulli Secundus 2001 Competitive Advantage In the world of internet time, integrating systems internally, between you and your partners and with the internet for your customers is imperative The cost you pay for poor, slow and expensive identity information transfer between your systems is a competitive disadvantage against competitors who have figured out a modern identity management strategy makes money

12.  HVL/Nulli Secundus 2001 Competitive Advantage By instantly synchronizing all your identity systems, you can consider new forms of doing business with your customers Offer new identity based services from your back-office systems to improve service Integrated, nimble identity systems means fast response to market changes Provides greater control over ensuring the customer their information is secure

13.  HVL/Nulli Secundus 2001 Security In e-business, the lack of coordinated identity systems often leads to security lapses –Time lapse –Information continuity Customer, employee or business partner identity information may be placed at risk or inadvertently given out

14.  HVL/Nulli Secundus 2001 Security The response time to making an identity change creates security breaches –A consultant leaving a company may still remain for some time with network, application and even authorization privileges –A customer requesting their information be kept confidential may find themselves still on mailing, distribution and publicly available access lists for months after making the request –Companies may have trouble ensuring employee home numbers/social security id’s are not given out and are properly secured

15.  HVL/Nulli Secundus 2001 Security The evolving information laws in Europe and Canada in particular place the onus on the company to ensure employee and customer information is secure The potential for litigation and adverse public perception in the marketplace increase by relying on older systems that weren’t designed with integrated identity security in mind

16.  HVL/Nulli Secundus 2001 Security The desire for single sign on for customers, business partner’s employees and your own employees means identity system integration is a must How else are you going to standardize, coordinate and enforce authentication within a domain, between domains and with your customers?

17.  HVL/Nulli Secundus 2001 Is There a Magic Bullet? No There are however many short terms steps you can take to put yourselves on the road to a modern identity management strategy and tactical deployment thereof

18.  HVL/Nulli Secundus 2001 Grunt Work The first step is to prioritize the identity management systems for integration and change You’re looking for low hanging financial fruit, strategic gain and internal productivity improvements –Integrating identity information in HR, HRMS, ERP’s and NOS’s are good starting points

19.  HVL/Nulli Secundus 2001 Grunt Work Then begins the task of diving into the minutiae of how these identity systems currently work –What information is stored? –What’s the syntax used? –How long are the fields? –What character sets do they use? –What’s the authoritative source? –Which other systems use the same information? –These are just some of the many starting questions

20.  HVL/Nulli Secundus 2001 Grunt Work The grunt work continues with examining who gets to see which identity attribute, who gets to modify it and who’s notified when any change to it is made? This is the heart of creating new streamlined workflow and secure identity management processes

21.  HVL/Nulli Secundus 2001 Coordinating Systems Your existing identity information will likely be stored in a variety of databases A few may use directories You need to consider a directory strategy acting as a central coordination hub for the identity systems

22.  HVL/Nulli Secundus 2001 Why Directories? Directories have a common standard “Lightweight Directory Application Protocol” (LDAP) for coordinating how information is stored and queried –You need a tool with a standard to coordinate your disparate identity systems They’re optimized for fast reads –It’s critical in e-business that the solution be fast for identity management including authentication

23.  HVL/Nulli Secundus 2001 Do I Keep My Databases? Yes You’ll use the directory to coordinate them You may eliminate the identity portion of some systems and place it in a directory where it’s cost effective Others such as PeopleSoft v8 are now directory compatible and ease integration with external systems via the directory while still using their extensive internal databases and data warehouses

24.  HVL/Nulli Secundus 2001 Directories A typical directory project often has an ROI of between 5 and 7 times investment You need a directory strategy addressing identity system integration

25.  HVL/Nulli Secundus 2001 Directory Design The design of the directory may be one of most critical decisions you make A poor design can cost money, time and effort in constantly changing as rapid changes occur in your organization

26.  HVL/Nulli Secundus 2001 Directory Design The performance of the directory is also impacted by how you design the directory –That’s important when you’re using the directory several thousand times a second to query for e-mail addresses, name, contact and org chart lookups, authentication and authorization

27.  HVL/Nulli Secundus 2001 Is a Directory All I Need? No, it’s just the beginning How are you going to manage and display the identity information? How are you going to ensure the identity security within and between your systems, your business partners’ systems and the interaction with your customers?

28.  HVL/Nulli Secundus 2001 Displaying Identity Information Let’s assume you’ve now got your internal identity systems coordinated and it’s time to get the employees, portal users, extranets and customers via the internet seeing the identity information they’re entitled to What’s your game plan?

29.  HVL/Nulli Secundus 2001 Displaying Identity Information Directories are not end-user friendly Unless you want to teach everyone how to use LDAP syntax, you better think about some middleware tools to make it so easy to use the end user community loves and uses your new identity systems

30.  HVL/Nulli Secundus 2001 What’s Required? Integrate with your intranets, extranets, portals and internet sites Graphically easy to search for, retrieve and display identity information See org charts on line if desired What the user sees is based on their security privileges

31.  HVL/Nulli Secundus 2001 Delegated Identity Administration How are you going to manage the incredible volumes of identity information securely and cost efficiently? The answer is to use delegated identity administration You need tools allowing delegation of the identity administration by different methods including dept, title, object class, rules, roles or name

32.  HVL/Nulli Secundus 2001 Self Serve Identity Administration Some portion of your identities may be best administered by the end-user themselves be it the employee, business partner employee or customer You need tools that allow you to securely delegate the administration as far down towards the end user as you deem appropriate

33.  HVL/Nulli Secundus 2001 Self Serve Identity Administration The end user modification must be easy to do Needs to integrate with your other systems to streamline the workflows

34.  HVL/Nulli Secundus 2001 E-Business Infrastructure Tools! Managing the whole identity process, securing it, delegating, displaying and integrating it with your systems is not trivial In our practice, we use Oblix as a primary infrastructure tool to coordinate and manage the identity process

35.  HVL/Nulli Secundus 2001 Oblix Oblix produces two products “Publisher” and “NetPoint” to handle identity administration and security Directory based Integrates identity, authentication, authorization and auditing systems

36.  HVL/Nulli Secundus 2001 Oblix Publisher Provides delegatable identity management to the level(s) you desire Integrates identity display with intranets and extranets Displays on-line org charts Displays based on what the user is allowed to see

37.  HVL/Nulli Secundus 2001 Oblix Issue workflow requests to manage identity changes Control view, modify and notify privileges for each identity attribute Easy to scale across an enterprise Works with different directory vendors

38.  HVL/Nulli Secundus 2001 The Bottom Line Identity management is critical to your profitability, responsiveness and productivity Identity management can be a cornerstone of a modern corporate infrastructure strategy with proper management, planning and tools

39.  HVL/Nulli Secundus 2001 I’d Like to Learn More Guy Huntington, HVL: guy@hvl.net www.hvl.net 604-921-6797 Derek Small, Nulli Secundus: derek@nulli.com www.nulli.com 403-270-0657