Black Sheep or Green Fields?
Just got into a fun discussion at the Peerlyst site on an extended identity management topic.
The question triggering this discussion is: “IAM folks – Who “owns” non-employee identities at your company? Are they entered into the HR system (or some other system of record) or are they the “black sheep” of the organization and are relatively unmanaged by a central authority?”
My take: “That depends, of course. We see all sorts of doings in our client environments. External identities can be either a cost/security/privacy problem, or they can be a new business opportunity. Organizations that invest in external identity solutions (generally by extending their data models, protocol capabilities, and trust relationships in a well-architected manner) stand to reduce risks open doors of opportunity. But such programs have to be well-aligned with business needs.”
Peerlyst is a network of security professionals dedicated to making its members’ jobs easier by giving them a place to find and compare security solutions – and learn from their peers’ real-world experiences. I’d heard about the site before but this is the first time I visited it. Let’s see what develops with the discussion.
There’s a lot to say on the topic, starting with the question of whether one should even use the term “extended identity management.” What do you think? Can one really *manage* identities external to one’s organization, or just relate to them?