Modernizing Authentication — What It Takes to Transform Secure Access
Customer identity management can be an opportunitybut tread carefully.
Only a decade ago, the idea of providing customers access to internal corporate systems was unthinkable to most IT shops. Today, it's standard operating procedure. And with that access comes a raft of identity management problems that can make internal difficulties pale in comparison.
Once a business begins managing information about its customers, it may look for ways to share that information with partners. Take, for example, customers who visit United Airlines' Web site to make a reservation. To offer them rental cars from United partner Hertz, United must seamlessly hand off its customer registration data to Hertz. That kind of integrated identity management, known as "federation," is increasingly being discussed as a golden opportunity for businesses with online presences. "We look at this as a control issue," says Kevin O'Neil, president of the International Security, Trust & Privacy Alliance (ISTPA), an industry consortium. "Who's going to enroll people, who's going to maintain it, who's going to traffic in this data?"
Yet growing government oversight and customer concerns about safeguarding personal information mean corporations must think through all the ramifications of their actions before venturing too deep into processes that make customer data more widely available. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPPA) clearly defines rules for sharing patient information between healthcare organizations, such as requiring that only authorized people can see specific data. Without explicitly defined marching orders for healthcare IT departments, the way applications manage identities can open an institution up to substantial risk.
But analysts say most discussion of federation is still just thatdiscussion. Though Microsoft's .NET Passport is already in use, much criticism has been leveled at its centralized identity database. And efforts such as the Liberty Alliance, a group of vendors attempting to streamline cross-corporation identity management, are still nascent. "That's two to three years away from being anything useful," says Gartner's Pescatore.
Ask Your E-Business Constituents:
How much does the ability to share customer information with our partners matter today?
Ask your legal department:
What are the laws in our state that govern our identity management actions?
Ask your business colleagues:
Can we save money by streamlining the process by which we buy and sell product with other businesses?