The Benefits of an Identity Management Architecture

An IMA provides a number of benefits to the business. One of the biggest is allowing the organization to focus on the positive aspects of digital identity in creating value. The traditional approach to security has focused on keeping the bad guys out, often at the expense of getting the job done. Identity management architectures focus on creating a digital identity infrastructure that gets employees, customers, partners, and suppliers to the resources they need.

At the same time, another important benefit is increased information security. This might seem like a contradiction, but I contend that by removing the crutch of perimeter defense and creating a comprehensive plan for managing identity and access control, security is improved. Security experts have preached for years that proper system implementation is a more reliable means of creating security than doing it as an afterthought. Identity management architectures are the road to that goal.

Increased security does not have to come at the cost of user convenience. In fact, the opposite is true. A properly implemented digital identity infrastructure allows information to flow more freely, while keeping it within the bounds set by the digital identity management policy. IMAs allow the organization to loosen the restrictions surrounding information management while gaining greater control of information access.

An IMA creates a plan that allows features such as single sign-on and federated identity management to work reliably. This significantly reduces the burden on employees, customers, partners, and suppliers who interface with the organization.

Part of creating an IMA is to design a management process for the enterprise's identity records. Many enterprises don't know what information they have and which entities regularly access it. An IMA contains inventories and structural information for identity stores and records. Furthermore, the architecture documents their relationships to one another and to the business processes they enable. These results alone can provide significant value to enterprise planners.

Most organizations don't know what costs they incur in managing identity. Creating an IMA not only sheds light on those costs, but can also reduce them. Reduced help desk costs alone can provide a significant return on investment to enterprises that take even simple steps.

Almost every enterprise contends with external requirements from partners and government regulators. In some industries (banking, health, insurance, and securities come to mind), these external requirements can be quite severe. Many of them have to do with controlling information flow and access. Often, organizations go to heroic lengths to meet these requirements, and the sad truth is that they usually fall short. IMAs provide a comprehensive plan that can take these requirements into account and ensure that systems built in the enterprise meet them.

An IMA creates a plan for more closely managing information assets and controlling access. Specifically, critical assets are identified and policies put in place to protect them. The infrastructure is built so that these policies are more easily enforced. All of this reduces the chance of losing critical information through either malicious or negligent behavior.

Because the IMA is focused on the needs of the business, management participation provides a business perspective to what were previously internal IT processes. Security has traditionally been the sole purview of the IT department. Business units were just expected to live with it, regardless of inconvenience and lost opportunities. The irony is that the business is the reason for the security in the first place. Perimeter defense has to be very strong and very tight to be effective, but it's a one-size-fits-all solution. An IMA starts with a business model and relies on the ongoing participation of business managers to avoid these disconnects.

Having an IMA creates a more agile enterprise that easily accommodates changes caused by new business strategies, new products, new markets, and mergers and acquisitions. An IMA provides a blueprint for how the business manages information assets. This blueprint and the infrastructure it depicts provide a neat and easily understood system that is more flexible than the typical hodge-podge collection of identity systems that have grown up over the years. The IMA clearly outlines the policies and standards that are in place and documents the overall system design. This provides clear guidelines for integrating new systems into the legacy infrastructure.

An IMA is founded upon a clear governance process that has been agreed to by all players in the enterprise. This process guides the development of the architecture and its maintenance through the years. This governance process has uses beyond identity management, and can be exploited by the CIO and executive managers to guide other enterprise projects as well.

An IMA includes business models that are used to ensure that the identity infrastructure is aligned with what the business needs. These models are useful beyond building the infrastructure, and can form the basis for designing and building other IT systems that are aligned with business needs. As a consequence, creating an IMA leads to increased understanding of the business.