In my day to day efforts to solve enterprise identity matching problems, one of the biggest obstacles is getting people to realize they have a problem. One of the reasons that this issue is little known is that until you actually have to install a large identity management project, you can ignore the issue. Very few organizations have got to that stage. IE. very few organizations have actually implemented large, multi-system identity management solution where legacy credentials are involved.
Once you get to the stage of having to load in legacy credentials, the problem comes front and center. Recently I have been trying to find public examples to prove this point. In this post, I discussed how Frank Ma of Petro Canada urges all to plan on the difficult matching issue before you are too far into the project.
Since that post, I have listened to another panel discussion from Digital Identity World’s, Sept. 2006 conference. One Sept. 12th, 2006 panel was called Questions We Now Know We Should Have Asked: A Customer Panel. The participants were: Bob Blakely, Burton Group, Moderator; Heidi Kujawa, Sony Pictures Entertainment; Mike Ruman, Grant Thornton, LLP; and Ken Lobenstein, Continuum Health Partners. The presentation PDF can be found here and the full audio here.
I urge you to listen to the whole talk as it is always very instructive to hear what people who have actually done a project have to say. This is where the reality vs. theory gets heard.
Here are some highlights of the audio. I have indicated approximate minutes in the audio and have tried my best to transcribe the quotes with a semblance of context. Listen to it yourself to get the full impact.
17:44 Heidi Kujawa
We are still after a year and a half later still dealing with data integrity issues and data cleansing is just going have to be part of the program – just be aware of that.
36:40 Ken Lobenstein
…the amount of time they need to spend to make sure the data goes in clean is not something we expected and that is part of the infrastructure cost of the system – we didn’t plan for that
37:40 Mike Rumen
(referring to HR taking the burden to clean up their data source) ..it’s been a year now since we implemented and they have beefed up that staff and they are taking charge of that data…there is still some clean up going on in that area though
40:47 Ken Lobenstein
(referring to the balancing act and trade offs and how data cleanup and matching is taking away from project goals )…do I focus all my attention at the front end on cleaning up my data….(referring to variation in attribute data not matching identity) when is matching, matching and when is matching database building…
42:18 Heidi Kujawa
(again talking to the trade offs of data getting in the way of the ‘real’ project).. data integrity clean up, do we continue to focus on that? We’ve got to figure out a way to improve efficiencies in the process and keep the data clean in parallel because all the work we have done would be for naught…
The pattern I see here, which is consistent with all the other cases I have seen, is that the quality of data in legacy (and even new) access credentials is not good enough. This causes many issues in trying to match identities together. In this panel, all agreed it was a big impediment to the success of the project. They all felt they had not anticipated this problem. All seemed to indicate that they had yet to match all their identities and are still wrestling with this problem (I am reading a bit between the lines here but, I think I am right about this.)
