Page 4
Many companies will want to explore federated identity—a system that grants one company's employees access to another company's systems without re-authorization. This works particularly well for firms that collaborate with many people, or have outsourced partners who require access to data inside the company.
John Jackson, director of software technology at General Motors Corp., says the automaker is looking at federated identity for its outsourced 401(k) plan, expense reports and travel services.
More strategically, though, GM is considering ways to securely connect engineers with suppliers to encourage collaboration—which could speed development of new cars. The task is not without roadblocks, however.
"A big part of it is really working with your partner to decide how to handle issues around authentication," as well as session time-outs and co-logoff issues, Jackson says.
"You need to make very clear what those levels of trust are."
Emerging standards such as SAML (Security Assertion Markup Language) and those developed by the Liberty Alliance are making federation easier for companies.
According to Yankee's Waterfield, another trend is to tie in digital identity management systems with physical ones. In other words, the same card that lets you into your office would provide access to your company network.
Nextel's Deffet agrees. He says plans are under way to merge the company's physical and network security functions.
