Managing the identity of people who have access to critical business data has long been a key component of effective information security strategies. But it's taken on greater urgency with the push to mitigate corporate risk by restricting access to applications and information.
Identity and access management tools verify the identity of peopleincluding employees, business partners and customersand control the applications and information those people can access.
A major benefit of the technology: It's helping companies comply with government regulations such as the Sarbanes-Oxley Act, which requires public companies to back up financial statements with proof of the procedures and controls in place, and the Health Insurance Portability and Accountability Act (HIPAA), designed to secure patient information.
In response to those measures, demand for identity and access management products is on the rise. Total worldwide revenue for the software will increase from $3 billion in 2005 to more than $5 billion in 2010, predicts Framingham, Mass.-based research firm IDC. The market has attracted information-technology and security vendors including RSA, IBM, CA, Novell, SafeNet, Hewlett-Packard, Sun Microsystems and VeriSign.
Mark A. Lobel, a partner at PricewaterhouseCoopers' advisory services group, sums up identity management this way: "Providing the right people with the right access at the right time." Despite that straightforward definition, he cautions that ID management projects can trip up companies, depending on the number of applications that must be integrated with the identity manager and other project requirements.