Experts give identity management advice

Proper deployment of identity management can improve organizations’ effectiveness and the bottom line, experts said.

Identity management answers the questions of whether people are who they say they are and whether they have the proper affiliation or criteria to do certain tasks, James Kerins, senior vice president for information solutions at LexisNexis Special Services, said at the Information Technology Association of America’s Identity Management Conference last week.

Automated identity management tools also help fight fraud and lower costs, Kerins said.

“Identity management is key to ensure trust, [privacy and security] as well as to facilitate collaboration and improve analytics,” said William Crowell, a security consultant and a member of the Markle Foundation’s Task Force on National Security.

Process and systems integration are a greater obstacle now than technology, said Frances Zelazny, director of marketing and legislative affairs at Identix. Human resources, IT and physical security workers don’t look at overall security systemically and instead work only to solve their particular issues, she said.

Successful identity management depends on viewing security systemically within an organization, Zelazny said. Identity management is frequently viewed as the responsibility of employees in charge of physical security, she said. They must work with human resources officials to develop processes for granting privilege levels, she said.

Getting the right information the first time when doing background checks – the first step of identity management – is crucial to successful deployments, Zelazny said.

She added that organizations face many challenges to getting the information right the first time, including poor data quality, employees dispersed worldwide and human resources staff who are not trained to capture fingerprints. Collecting the data is labor intensive, especially the first time, and sometimes requires seasonal hires, she said.

Organizations must look through their systems to ensure that each employee has only one identity, Zelazny said. They must remove duplicate identities and aliases in their systems and partner agencies, she said.

Biometrics are key to achieving eliminating duplication and differentiating between people with the same name, Zelazny said.

For example, organizations can use two photos of the same person – one smiling, one not – to improve biometric security. Running facial-recognition software against two related pictures instead of one adds additional security, she said.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.