General Motors Corp. plans to migrate its end-user identity management services to a single global system over the next several years as part of a broad initiative to improve IT efficiency and reduce the automaker’s operational costs.
When it’s completed, the consolidated identity management system will enable universal application access and single-sign-on capabilities for about 500,000 end users, including GM employees and workers at suppliers, contractors and other business partners, according to Tony Scott, the company’s chief technology officer.
The new infrastructure will replace numerous silos of identity information at GM and will play a crucial role in its ongoing move toward a global supply chain and manufacturing model, Scott said at the Digital Identity World conference in Denver this week.
“The supplier and design collaboration we are going to need won’t tolerate a world where you have silos of identity (data),” Scott said in an interview prior to delivering his keynote speech.
GM’s plan is a prime example of the increased focus some companies are putting on identity and access management as a way of cutting administrative costs and improving end-user access to applications, said Pete Lindstrom, an analyst at Spire Security LLC in Malvern, Pa.
The Boeing Co. is another large user that’s in the midst of a long-term effort to give employees, customers and suppliers single-sign-on access to a range of applications and computing services.
Already, Boeing employees can use their corporate log-ons to access information on password-protected Web sites operated by benefits providers, said Michael Beach, an associate technical fellow at the Chicago-based company.
In addition, mechanics at a major airline customer of Boeing can use their regular usernames and passwords to access electronic repair manuals stored on Boeing’s internal networks. The aircraft maker is working to extend the capability to other airlines, he said.
The drastically reduced number of end-user accounts that need to be maintained and supported in such a federated identity management infrastructure has resulted in “substantial cost savings” and improved user productivity, according to Beach.
The federated system is built around single-sign-on software from Cupertino, Calif.-based Oblix Inc., although Beach said that Boeing had to do “quite a bit of customization.”
Also playing a key role in driving consolidated identity management projects are new regulations, such as the Sarbanes-Oxley Act, that require companies to get a better handle on their application access-control capabilities, Lindstrom said.
“Regulatory pressures are driving a lot of what’s happening in the security space,” said Lindstrom. Implementing consistent identity and access management tools can give large companies such as GM and Boeing “a way of getting a top-down look at what legitimate users are doing with applications and of monitoring that access,” he added.
GM’s existing identity management infrastructure is “not an enterprise solution,” Scott said, adding that functional units such as manufacturing and engineering control their own user identity information.
The global identity management architecture and governance model will use a combination of directory management technologies, such as the Lightweight Directory Access Protocol and Microsoft Corp.’s Active Directory, Scott said.
The company also plans to use identity federation technologies based on the Security Assertion Markup Language and Liberty Alliance Project standards to provide cross-domain application access to GM employees and external users. “A system that is not federated will be impossible for us to manage,” Scott said. “It would kill us administratively.”
GM plans to hire a prime contractor to install and manage the global identity management services once its existing IT services contract with Electronic Data Systems Corp. ends in June 2006, according to Scott. He wouldn’t disclose a specific deployment schedule or a cost estimate for the project but said he expects the tab to be “in the millions” of dollars.