Page 4

: Future">

Make sure the software you install can support federated identity management and can integrate with authentication tokens.

Many companies will want to explore federated identity—a system that grants one company's employees access to another company's systems without re-authorization. This works particularly well for firms that collaborate with many people, or have outsourced partners who require access to data inside the company.

John Jackson, director of software technology at General Motors Corp., says the automaker is looking at federated identity for its outsourced 401(k) plan, expense reports and travel services.

More strategically, though, GM is considering ways to securely connect engineers with suppliers to encourage collaboration—which could speed development of new cars. The task is not without roadblocks, however.

"A big part of it is really working with your partner to decide how to handle issues around authentication," as well as session time-outs and co-logoff issues, Jackson says.

"You need to make very clear what those levels of trust are."

Emerging standards such as SAML (Security Assertion Markup Language) and those developed by the Liberty Alliance are making federation easier for companies.

According to Yankee's Waterfield, another trend is to tie in digital identity management systems with physical ones. In other words, the same card that lets you into your office would provide access to your company network.

Nextel's Deffet agrees. He says plans are under way to merge the company's physical and network security functions.

What do we need to do to extend this to our suppliers, partners and customers?

Tell Your CTO:

We need to make sure our solution is scalable.

Ask Your CSO:

Should we look at unifying our physical and network security systems?

To download a Factsheet on Data Quality, click here.