Backbone is about business, technology, lifestyle, innovation, bold ideas, trends and events
Focus on data management | March 31, 2009
PDF version - page 1 (60KB)
PDF version - page 2 (60KB)
Implementing identity and access management
Issues addressed can include regulatory compliance, application and user silos, credential managemet, entitlements management and user pluralism
Bell defines identity and access management (IAM) as the set of business processes, including people, policies and technology, used for the creation and use of digital identities for the full user lifecycle. IAM is not a monolithic solution, explains Stéphane Boisvert, President, Bell Enterprise Group. Rather, through IAM Bell offers its enterprise clients a series of end-to-end technology solutions supported by expert consultants able to address the variety and full range of business needs.
For instance, Chris Sicard, Practice Leader and Senior Architect with Bell Enterprise Group’s Identity Management Services explains that he has identified a series of business problems that most organizations face with regards to IAM. These include: regulatory compliance, application and user silos, credential management, entitlements management and user pluralism.
The first two questions all businesses must ask themselves are, “Does your company comply with the regulations that it has?” and “How do you prove this compliance?” Within regulatory compliance an enterprise must consider a number of factors including financial regulations, privacy laws and other legislation, third-party regulators and corporate policies.
The second business problem, coined application and user silos, refers to the challenges an organization faces when attempting to implement common policies across business units or user groups for a litany of applications, each with its own specific user repository (or silo). “From a business perspective, there is typically a blend of Web applications, such as web 2.0 along with legacy applications,” Boisvert explains.
Next, a company must consider credential management. This theme can be divided into four categories: proliferation of credentials (dealing with multiple credentials and accounts for each employee), credential lifecycle (creation, use and retirement), password management (recovery systems and password policies), and audit trail (monitoring and tracking). Awareness and monitoring of the credentialing system of the company is part of an effective risk management process.
The fourth business problem is commonly referred to as entitlement management and addresses the specific entitlements or permissions individual users have once they gain access to particular networks or applications. As users move throughout roles in an organization, permissions must be updated and monitored to ensure appropriateness of access to information.
Finally, user pluralism addresses whether each individual user experience is an asset or liability. “If you have more than one user class (i.e. employee, partner and consumer) then you’ll be dealing with different privacy and security policies for each and will have different registration and enrollment processes,” explains Boisvert. “For certain users you may need to simplify the system, allowing for single sign-on in order to prevent the forgetting of passwords.”
Solutions for identity and access management, Sicard adds, can be divided into three categories. The first, digital ID management, allows the organization to assign, modify and delete each individual employee’s accounts, credentials and permissions. The second, access control, allows the organization to determine whether a specific employee is authorized to access a resource, authentication process or authorization process. And administration and audit relates to providing administration, audit and attestation tools used to apply the principle of least privilege access, separation of duties to ensure appropriate entitlements for each employee.
Benefits regarding identity and access management protocols can be defined as tangible and intangible. Tangible benefits include cost reductions, which result from the need for less administration and fewer user license fees. Also, Boisvert explains, a single, integrated system can allow for monitoring of only relevant users, ensuring that phantom users and accounts cease to exist.
Intangible benefits are diverse and powerful with respect to identity and access management protocols. They include legislative compliance as well as sound risk-management systems. The user experience is also enhanced by a systematic approach to identity safety as peace of mind, which enables the user to act freely in a secure environment. Growth of the business is inherently supported by appropriate systems and functionality can support leadership as well as delegation of authority.
According to Boisvert, a methodology should be employed by the firm to optimize benefits of implementing a strategic IAM system. A systematic approach anchored in strong governance and program to a technological implementation can provide the organization with tangible and intangible benefits that support long-standing and viable solutions to enterprise risk and data controls.
Contact Bell
What can your business do with more Insight?
Data hold a great deal of untapped business value
While many organizations consider data to be a corporate asset, the real value of data is not realized until it is translated into information and knowledge. “The challenge many organizations are facing today is that while a great deal of data is being collected, up to 80 per cent of it can be unstructured and thus difficult to gather insight,” says Suresh Nair, Director of Strategy, Canada with Pitney Bowes Business Insight.
“The problem is, there is a lot of unmanaged and uncertified data sitting in corporate PCs and mobile devices,” says Nair. While employees spend valuable time collecting data and then running searches, reports and conversion, there is great duplication. There are often hundreds of structured customer address tables and potentially thousands of unofficial customer address lists hiding in PCs and mobile devices, making it hard to find the single version of truth about customers’ whereabouts. “So, how do you harness that information to create knowledge and bring about a return on investment (ROI)?” Nair asks.
Managed data, and information about that data (metadata), allow users to access the right information at the right time, which leads to fact-based decision-making. The ability to make decisions based on analytics and well-mined data is often much more effective than intuition based decision-making.
Pitney Bowes Business Insight offers its customers an array of location intelligence, data quality, customer intelligence and communication management capabilities which will increase the accuracy and effectiveness of customer information delivery, therefore driving better business decisions. The intention is to encourage more effective use of technology and processes in order to allow for better management of data and documents through organizational integration of the corporate knowledgebase.
Studies indicate that 20 per cent of companies effectively use information tools. Proliferation of data, which increasingly includes maps and images and powerful desktop software such as Excel and Word, means that employees can collect and process data and documents like never before. As a result, terabytes of information are being collected, archived and stored with no readily accessible added value to the corporation. “Industries need to take a leadership role in defining data standards and corporations need to invest in data, analytics and process management infrastructure that is capable of handling information,” Nair says, “as well as educating stakeholders on how to harness the power of unstructured data.”
Once a corporation has invested in data management infrastructure, it doesn’t make sense to make major cuts, especially regarding support of the infrastructure, regardless of the economic situation. “In order to survive in this day and age, you have to be the most responsive to whatever the economic environment dictates.” Despite the costs associated with infrastructure maintenance and up-keep, the value, opportunity and ROI achieved will help keep the organization afloat. Also, it is insufficient to deem data management as simply an information technology problem, but rather it should be considered within the context of enterprise and business solutions. The streamlined flow of data and underlying workflow processes means cost reduction for operations, revenue enhancement for marketing and sales, and reduced risk for the privacy department.
“Like a multicultural city, there will always be different data solutions, formats and languages,” says Nair. “But it all has to work together to a point where if someone asks a question—such as, who are the top 100 customers in this corporation?—they will be able to extract the information and receive an appropriate answer.”
Contact Pitney-Bowes: 1-800.268.DATA
Supplements Archive
PDF version - page 2 (60KB)
Implementing identity and access management
Issues addressed can include regulatory compliance, application and user silos, credential managemet, entitlements management and user pluralism
Bell defines identity and access management (IAM) as the set of business processes, including people, policies and technology, used for the creation and use of digital identities for the full user lifecycle. IAM is not a monolithic solution, explains Stéphane Boisvert, President, Bell Enterprise Group. Rather, through IAM Bell offers its enterprise clients a series of end-to-end technology solutions supported by expert consultants able to address the variety and full range of business needs.
For instance, Chris Sicard, Practice Leader and Senior Architect with Bell Enterprise Group’s Identity Management Services explains that he has identified a series of business problems that most organizations face with regards to IAM. These include: regulatory compliance, application and user silos, credential management, entitlements management and user pluralism.
The first two questions all businesses must ask themselves are, “Does your company comply with the regulations that it has?” and “How do you prove this compliance?” Within regulatory compliance an enterprise must consider a number of factors including financial regulations, privacy laws and other legislation, third-party regulators and corporate policies.
The second business problem, coined application and user silos, refers to the challenges an organization faces when attempting to implement common policies across business units or user groups for a litany of applications, each with its own specific user repository (or silo). “From a business perspective, there is typically a blend of Web applications, such as web 2.0 along with legacy applications,” Boisvert explains.
Next, a company must consider credential management. This theme can be divided into four categories: proliferation of credentials (dealing with multiple credentials and accounts for each employee), credential lifecycle (creation, use and retirement), password management (recovery systems and password policies), and audit trail (monitoring and tracking). Awareness and monitoring of the credentialing system of the company is part of an effective risk management process.
The fourth business problem is commonly referred to as entitlement management and addresses the specific entitlements or permissions individual users have once they gain access to particular networks or applications. As users move throughout roles in an organization, permissions must be updated and monitored to ensure appropriateness of access to information.
Finally, user pluralism addresses whether each individual user experience is an asset or liability. “If you have more than one user class (i.e. employee, partner and consumer) then you’ll be dealing with different privacy and security policies for each and will have different registration and enrollment processes,” explains Boisvert. “For certain users you may need to simplify the system, allowing for single sign-on in order to prevent the forgetting of passwords.”
Solutions for identity and access management, Sicard adds, can be divided into three categories. The first, digital ID management, allows the organization to assign, modify and delete each individual employee’s accounts, credentials and permissions. The second, access control, allows the organization to determine whether a specific employee is authorized to access a resource, authentication process or authorization process. And administration and audit relates to providing administration, audit and attestation tools used to apply the principle of least privilege access, separation of duties to ensure appropriate entitlements for each employee.
Benefits regarding identity and access management protocols can be defined as tangible and intangible. Tangible benefits include cost reductions, which result from the need for less administration and fewer user license fees. Also, Boisvert explains, a single, integrated system can allow for monitoring of only relevant users, ensuring that phantom users and accounts cease to exist.
Intangible benefits are diverse and powerful with respect to identity and access management protocols. They include legislative compliance as well as sound risk-management systems. The user experience is also enhanced by a systematic approach to identity safety as peace of mind, which enables the user to act freely in a secure environment. Growth of the business is inherently supported by appropriate systems and functionality can support leadership as well as delegation of authority.
According to Boisvert, a methodology should be employed by the firm to optimize benefits of implementing a strategic IAM system. A systematic approach anchored in strong governance and program to a technological implementation can provide the organization with tangible and intangible benefits that support long-standing and viable solutions to enterprise risk and data controls.
Contact Bell
What can your business do with more Insight?
Data hold a great deal of untapped business value
While many organizations consider data to be a corporate asset, the real value of data is not realized until it is translated into information and knowledge. “The challenge many organizations are facing today is that while a great deal of data is being collected, up to 80 per cent of it can be unstructured and thus difficult to gather insight,” says Suresh Nair, Director of Strategy, Canada with Pitney Bowes Business Insight.
“The problem is, there is a lot of unmanaged and uncertified data sitting in corporate PCs and mobile devices,” says Nair. While employees spend valuable time collecting data and then running searches, reports and conversion, there is great duplication. There are often hundreds of structured customer address tables and potentially thousands of unofficial customer address lists hiding in PCs and mobile devices, making it hard to find the single version of truth about customers’ whereabouts. “So, how do you harness that information to create knowledge and bring about a return on investment (ROI)?” Nair asks.
Managed data, and information about that data (metadata), allow users to access the right information at the right time, which leads to fact-based decision-making. The ability to make decisions based on analytics and well-mined data is often much more effective than intuition based decision-making.
Pitney Bowes Business Insight offers its customers an array of location intelligence, data quality, customer intelligence and communication management capabilities which will increase the accuracy and effectiveness of customer information delivery, therefore driving better business decisions. The intention is to encourage more effective use of technology and processes in order to allow for better management of data and documents through organizational integration of the corporate knowledgebase.
Studies indicate that 20 per cent of companies effectively use information tools. Proliferation of data, which increasingly includes maps and images and powerful desktop software such as Excel and Word, means that employees can collect and process data and documents like never before. As a result, terabytes of information are being collected, archived and stored with no readily accessible added value to the corporation. “Industries need to take a leadership role in defining data standards and corporations need to invest in data, analytics and process management infrastructure that is capable of handling information,” Nair says, “as well as educating stakeholders on how to harness the power of unstructured data.”
Once a corporation has invested in data management infrastructure, it doesn’t make sense to make major cuts, especially regarding support of the infrastructure, regardless of the economic situation. “In order to survive in this day and age, you have to be the most responsive to whatever the economic environment dictates.” Despite the costs associated with infrastructure maintenance and up-keep, the value, opportunity and ROI achieved will help keep the organization afloat. Also, it is insufficient to deem data management as simply an information technology problem, but rather it should be considered within the context of enterprise and business solutions. The streamlined flow of data and underlying workflow processes means cost reduction for operations, revenue enhancement for marketing and sales, and reduced risk for the privacy department.
“Like a multicultural city, there will always be different data solutions, formats and languages,” says Nair. “But it all has to work together to a point where if someone asks a question—such as, who are the top 100 customers in this corporation?—they will be able to extract the information and receive an appropriate answer.”
Contact Pitney-Bowes: 1-800.268.DATA
Supplements Archive
