Experts give identity management advice
- By Michael Arnone
- Oct 10, 2005
Proper deployment of identity management can improve organizations’ effectiveness and the bottom line, experts said.
Identity management answers the questions of whether people are who they say they are and whether they have the proper affiliation or criteria to do certain tasks, James Kerins, senior vice president for information solutions at LexisNexis Special Services, said at the Information Technology Association of America’s Identity Management Conference last week.
Automated identity management tools also help fight fraud and lower costs, Kerins said.
“Identity management is key to ensure trust, [privacy and security] as well as to facilitate collaboration and improve analytics,” said William Crowell, a security consultant and a member of the Markle Foundation’s Task Force on National Security.
Process and systems integration are a greater obstacle now than technology, said Frances Zelazny, director of marketing and legislative affairs at Identix. Human resources, IT and physical security workers don’t look at overall security systemically and instead work only to solve their particular issues, she said.
Successful identity management depends on viewing security systemically within an organization, Zelazny said. Identity management is frequently viewed as the responsibility of employees in charge of physical security, she said. They must work with human resources officials to develop processes for granting privilege levels, she said.
Getting the right information the first time when doing background checks – the first step of identity management – is crucial to successful deployments, Zelazny said.
She added that organizations face many challenges to getting the information right the first time, including poor data quality, employees dispersed worldwide and human resources staff who are not trained to capture fingerprints. Collecting the data is labor intensive, especially the first time, and sometimes requires seasonal hires, she said.
Organizations must look through their systems to ensure that each employee has only one identity, Zelazny said. They must remove duplicate identities and aliases in their systems and partner agencies, she said.
Biometrics are key to achieving eliminating duplication and differentiating between people with the same name, Zelazny said.
For example, organizations can use two photos of the same person – one smiling, one not – to improve biometric security. Running facial-recognition software against two related pictures instead of one adds additional security, she said.