Today’s IT environment has brought us the extension of the enterprise outside company walls, an explosion in technological complexity, more government regulation, and increasing competition. We are heading for a more complex, interconnected, and risky world. As our economy becomes increasingly global and companies operate in competitive marketplaces, we find, paradoxically, that the boundary at the periphery of the business is growing more porous, and it becomes more difficult to distinguish between who does and who doesn’t have access to enterprise information. We are connecting less through direct, face-to-face interaction and more through artificial, computer media, yet we are more involved with one another.
Many businesses embrace the notion that the Internet can be a source of real competitive advantage, but it is the rare business indeed that can effectively handle the identity complexities the Internet has introduced. While the most forward-looking companies can manage these opportunities and threats in order to create flexible, scalable Web-enabled architectures, other companies cannot.
In particular, identity issues are emerging as critical factors for business operations as a direct result of the connectivity that underlies the Internet. So what are the factors that are causing us to grapple with identity to the point at which it is a problem to be managed?
There has been a marked increase in the “opening up” of the enterprise to partners, customers, and suppliers, as well as to an increasingly mobile workforce, all of whom expect to have the appropriate network resources available to them on demand, regardless of physical location or access device. This creates enormous pressure on overworked IT departments.
Today’s IT environment has seen an explosion in the number of policies, platforms, systems, and controls, and with the introduction of each new policy or platform, the complexity of the IT environment increases significantly. Companies are already grappling with the compartmentalization of IT resources into different autonomous domains. We seem to be drowning in metaphors, with the media describing the situation in terms such as “islands of information,” “patchwork quilts,” “silos,” “stovepipes,” and so on. The net result is a tremendous increase in the number of user IDs and passwords and a corresponding exponential increase in the number of potential security loopholes.
A Growing Regulatory Environment
Companies are dealing with a vastly more complex regulatory environment created by the corporate governance scandals of the 1990s and the “know-your-customer” concerns resulting from the terrorist attacks of 9/11. In addition to Sarbanes-Oxley in the US, a raft of new laws, regulations, and compliance orders require companies in many industries to consider a comprehensive overhaul of the ways they monitor and track customers and partners. Suddenly, digital identity is no longer just a way to keep track of users; it is a fundamental requirement that could raise serious corporate governance questions for ill-informed boards of directors.
Companies are under constant pressure from stakeholders to improve their overall competitive positions. Shareholders, of course, want a more efficient, streamlined enterprise and year-over-year revenue growth. That translates into a constant call for ROI from IT investments; senior-level managers must be able to deliver ROI on any IT investment. They can no longer experiment with the next big thing; they must be able to implement technologies that can cut costs, boost revenues, or result in increased efficiency. Likewise, business partners are demanding a more comprehensive look at network resources; suppliers want greater visibility into the supply chain, while other partners want access to real-time information on portal sites. End users want personalized solutions that are seamless throughout geographies and time zones and are responsive to privacy concerns. And not to be ignored, employees want solutions that empower them to leverage enterprise IT resources on an as-needed basis.
By failing to take the time to address the pressing concerns of digital identity management, companies face the following list of consequences, which — individually or in tandem — can significantly erode competitive advantage:
Lower end-user satisfaction rates;
Lower ROI for IT assets;
Higher administrative and development costs for IT solutions;
Exposure to financial penalties for regulatory noncompliance;
Inability to react quickly to new customer, employee, and partner requirements.
Digital identity can be the key to unlocking value within the corporation, but only if senior-level decision makers learn to embrace identity as a central organizing principle. As the accompanying Executive Report demonstrates, digital identity management is not simply a way to reduce costs, reduce complexity, and address regulatory concerns, it is a way to catalyze the transformation of the enterprise into an identity-enabled virtual enterprise.
Buyers should begin by assessing what is needed for digital identity management, then investigate vendors’ offerings across the various affected business processes and functions. Once these individual process or functional requirements are developed, they can be coalesced into a set of enterprise-level requirements.
Even when the initial rollout of a digital identity management solution is limited to a single function or business process (such as logistics or bond trading), the entire set of enterprise requirements should be spelled out to the vendor. This helps avoid making a decision — based on what is needed in one function or process — that ultimately affects the entire enterprise.
The challenges for digital identity management are significant, and they emanate directly from these contending requirements for interconnectedness and security. Today’s enterprise will need to build from the current IT patchwork — based on a fragmented notion of digital identity — toward a unified framework in which digital identity is a fundamental service upon which the next generation of applications and systems can rely.
The barriers are great, but the return on the investments will be significant. Indeed, it is unclear how the enterprise of the immediate future can operate without the emergence of strong, reliable, and ubiquitous digital identity management.