Business Innovation Homepage > Governance

Knowing who has access to which systems and information at any time is a critical element of corporate security. Identity management has taken on a greater sense of urgency at many organizations in recent years, largely because of the rise of identity theft as a security problem and the need to put in place greater controls to comply with government regulations.

“On a continuous basis, IT administration and management needs to be able to demonstrate to auditors who has access to what applications and data, when and why,” says Andras Cser, senior analyst, security and risk management at Forrester Research.”

Companies in industries such as financial services and health care need to be especially diligent about identity management. The financial companies hold information that can be a prime target for hackers and other intruders, and health-care providers need to be diligent about protecting patient information for privacy reasons. But organizations in every sector are taking steps to safeguard their systems, applications and data from unauthorized access.

It’s no surprise, then, that identity and access management software is becoming an essential weapon in the information security arsenal.

The software verifies the identity of users such as employees, business partners and customers, and provides controls over which applications and information people can access.

Research from IDC shows that total worldwide revenue for identity and access management was about $3 billion in 2006 and is expected to grow to more than $4.9 billion by 2011. Providers of identity and access management software include companies such as RSA, VeriSign, CA, IBM, Hewlett-Packard, SafeNet, Novell and Sun Microsystems.

Among the key factors driving the growth of the market is the need to comply with regulations such as Sarbanes-Oxley, which requires public companies to back up their financial statements with proof of the procedures and controls in place, and the Health Insurance Portability and Accountability Act (HIPAA), which requires companies to protect patient information.

Organizations are using identity and access management products to help manage the identities of systems users. At large enterprises, the number of people who need various levels of access to data can be in the thousands. The task of managing identities can be especially complex when access privileges change frequently, and automating the function of providing access can save a considerable amount of time and labor costs.

Identity management software helps organizations quickly create and update accounts and passwords for employees and other users, such as customers and partners. The products are useful not only for providing appropriate access, but for quickly removing such access when an employee leaves company.

Since the process of granting and changing access privileges is automated, there’s less likelihood of errors and delays. The software can help reduce the amount of time IT spends on access issues, enabling staffers to work on more strategic projects. Some of the products enable companies to produce reports about access rights, as well as audit trails that can be used to determine the level of security.

The software can be particularly useful for small and midsize businesses that are growing rapidly and frequently adding new employees.

Click here for more Governance articles