TVR Crosstalk Report – Identity Management and Data

Authors:

Gary Rowe
CEO, Principal Consulting Analyst

Noreen Kendle
Principal Consulting Analyst

Bill Bonney
Principle Consulting Analyst

Moderated by Ted Ritter, VP Product and Market Development

What are the connections between identity and data in the enterprise? When one protects identity, they are really protecting data: data that is a representation of the identity. Unfortunately, as discussed in this new CrossTalk report by TechVision Research most organizations don’t have data management and even when they do have data management, the identity data is usually left out of the discussion. At TechVision Research we continually see data mismanagement undermining all aspects of the business function. As Noreen Kendle has experienced “data mess-up is equal opportunity across all types of data.” Noreen goes on to say “I’ve seen companies overwrite big text fields with identity-related information primarily because they don’t want to stop and enhance the database schema and structures: this includes credit card numbers, social security numbers, etc.” Obviously, this is a huge privacy issue because the fields are not flagged as privacy-related and the IT staff is oblivious to the situation. Bill Bonney speaks from experience building an IAM practice as he “agrees that overloading is an issue.” But, as Bill likes to point out, “It’s not just overloading, it’s making assumptions about what is in a field and assumptions about how the field is evaluated and before you know it you have sub-processes built up around a falsely validated field.” This establishes a false foundation that eventually causes the entire trust chain to break. As Bill states, “inevitably, someone will use the data based on how it was first created (the field label of record).” This is a symptom of a far greater problem. There is a huge assumption made by IT staff and the IAM tools they use that the data fields are accurately representing the data stored in the field. This just isn’t so! Given this reality of identity and data mismanagement in the enterprise, this report focuses on the following key concerns:

• The evolution of identity data as its own domain
• The impact of silos on identity data management
• The potential of virtual directories as an identity data management approach
• The impact of data reuse on identity and the resulting authenticity decay
• Identity data governance: is built on a foundation of quicksand

There are things organizations can be doing today to address these concerns. Specifically, this report discusses a five-step program for data governance based on the team’s experience working with F1000 enterprise.