In today’s increasingly complex web of e-Business technologies and systems, organizations are finding that they need more clarity of vision in their strategic technology plans. Unfortunately, the landscape is full of differing answers and the challenge is finding the right path to follow. In the world of Enterprise Access Management (EAM), organizations are being told that they can have single sign-on user authentication through their corporate portal to all of their back-end web applications. And they can, with a little helpful advice along the way.
The problem with EAM is not the technical capabilities of the products, but the differing expectations by buyers of what it will really deliver. The benefits are already well appreciated: strong and consistently applied security and control, roles-based access, distributed administration, user self-registration, content personalization, automated user provisioning, fewer user ID and password resets and a lower total cost of ownership.
The increasing risk and mounting cost of security is forcing organizations to look for better ways to optimize and leverage a common security platform across the organization without repeating the effort each time a new application or service is offered to employees, customers or business partners. For this reason alone, thousands of organizations have begun to invest in EAM technologies to grapple with what might be the most pervasive and costly problem they face today.
The need most organizations face
There are several concepts that access management solutions attempt to address. One needs to appreciate that there are two halves to any solution in this space. The first, and most obvious, is the delivery of a common access control and authentication mechanism. This is the process by which an employee or customer is required to provide credentials to identify themselves uniquely, which allows them to use the applications for which they are authorized. This is often confused with single sign-on, which is in fact an extension of access control whereby they only do that once for all applications. Authentication really refers to the degree to which a user is asked to provide those credentials. This can range from something as lightweight as a user ID and a password to what is referred to as strong authentication, which might be a token (secure ID card, digital PKI certificate, etc.) or something like a biometric signature (thumbprint, retina scan, facial recognition, etc.). In order for any solution to validate these credentials, it needs to be done against a secure data repository of the valid users for the environment. These repositories are more commonly being kept in directories, a technology that allows for very rapid look-up, as opposed to databases, which allow for very rapid update but relatively slow look-up.
The problem with these directory-based user stores is that they can become out of date in a hurry if significant changes occur in th