In this Q&A, Tony Nadalin, chief of security architecture for IBM Software, discusses ways in which companies can protect their mission-critical data even as they connect their networks with outside partners.
What Is Identity Management? Why Is It Important to Web Services?
The goal of identity management is to use accurate knowledge of your users to reduce costs, improve security, and achieve regulatory compliance. It's a broad and multifaceted discipline that has rapidly emerged to become a top IT initiative. Objectively understanding your priorities is a critical factor in planning an integrated identity management solution, especially in light of deploying Web services.
In terms of cost, today's IT landscape has shifted from the computer being the costly resource to the actual users being the costly resource. As members of the technology industry, we need to work to reduce manual labor to bring these costs down. We can do this through automation.
Besides Reducing Manual Process, What Are Some Other Business Benefits?
The fundamental business benefit of deploying a Web service is the connection or interoperability of disparate networks, allowing for more efficient business process flows. However, making sure the networks have consistent security policies can be an administrative nightmare, especially when the networks are owned and operated by separate entities as business partners. It is vitally important to establish a consistent identity management strategy that gets absolute buy-in from end users, the IT staff, and the management team.
What Steps Should Organizations Take to Implement a Consistent Identity Management Strategy?
An important dimension of the solution is its incremental implementation; the specific order depends on your organizational needs. The three steps to this are to 1) assess the needs of your organization, 2) identify security policies like who gets access to specific data and who controls certain access points, and 3) establish a business case and run the ROI figures. When you consider that help desk personnel currently spend up to 30% of their time resetting passwords, man-hours saved can be huge.
Let's Say You Want to Expand Security Policies to a New Web Service You Are Deploying. What Do You Need to Keep in Mind as Some Unique Characteristics of This Type of Environment?
You need to make sure different applications can access and share information across systems. And the way you do this is by implementing an autonomic identity management strategy that takes advantage of open standards and APIs.
By using an open standard like J2EE, network administrators are able to extract security policies directly from an application, user profile, or data stream. It takes this directly from the packet container and centralizes this information where it can be accessed by a security administrator via an access management solution.
J2EE allows these security policies to be shared throughout the Web services network regardless of where the network lies. This ensures that security policies are consistent across all networks within the Web service.






