Directory projects worth the pain

Corporate directory projects can easily top US$4 million and are rife with peril, but companies that successfully deploy the technology can unify user identities and build new security services, according to a new report.

Creating, maintaining and using digital identities, known as identity management, is such a critical issue that it is sparking conversations right up to the highest levels in organizations, says Gerry Gebel, an analyst with The Burton Group Corp. and author of the report, titled “Directory Strategy Survey: Organizations Share Their Real-Life Experiences.”

“To begin building federated identity services, single sign-on, and attribute sharing between partners and different security domains, you need to get a directory established that is an authoritative source of data,” Gebel says.

But that’s not easy. The survey, which details the trials and tribulations of nearly a dozen directory projects at large, unnamed global companies, found that the average directory project cost between $2 million and $4 million last year. Those figures included software, hardware, staffing and professional services. The projects lasted from 12 to 18 months.

And that may be the easy part. Like any large project, building a directory requires approval across an organization. The survey found that successful directory projects began with building a strong business case, lining up supporters within the organization and establishing a directory governance model that stays in place from implementation through operation of the directory. Also important was developing a set of guiding principles and detailed documentation.

“With the directory, we find a lot of people don’t get it,” says Gebel, who wanted to show what others have done to create awareness of how successful directory projects are run.

The survey participants built directory services that provide a central user identification repository that integrates with applications and serves as a platform for general-purpose security services, such as authentication and authorization. Most had implemented metadirectory services to link multitiered directories.

From there, most users planned to add features such as self-service capabilities, provisioning and password synchronization.

But getting to that point presents many challenges.

“Who owns data and who is responsible for data can become a nasty business to sort out,” says Gebel, adding that creating a business case and documenting ROI are other challenges.

“You can build the business case on identity management but that doesn’t make your project a fait accompli,” he says.

The survey found that most projects benefited from governance teams that developed standards, content rules and data usage guidelines.

“A directory gives you a foundation and the ability to move quickly as your business changes,” Gebel says. “But it’s not about the directory, it is about managing data.”