(This is a first-pass definition. I will refine this over time and update the definition on this page.)
The Problem
Within enterprises, people have multiple access credentials (mostly username and password). This is particularly true of organizations that have a number of legacy systems, which have been built over many years with no concern for the Internet or even for working with each other. Each will have a separate credential.
Over time, employees accumulate many different credentials, some of which they no longer need or should no longer have given their current role with the company. Worse yet, when people leave the organization, their access often remains. This is primarily because many people champion provisioning new access, but no one champions de-provisioning.
The result is that a large number of active credentials (about 20%) in most organizations are NOT traceable to a person. Simply put, these organizations cannot answer the question: “Who does this credential belong to?” This undermines identity management and compliance activities in most large organizations and is a significant source of risk for organizations and those that they serve … which is about all of us.
The Solution: Enterprise Identity Matching
Enterprise Identity Management is the combination of tools and processes an organization uses to investigate and unambiguously match all their active access credentials to a person, group, or system.
It is my tenet that this problem is pervasive and significant in large organizations. The solution is non-trivial. I also believe that by better understanding the true nature of the problem and using purpose-built tools and techniques, this problem can be overcome with a modest investment of time and money. This blog is focused on the exploration of this problem and possible solutions.
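The matching step defined above, sketched as an added example that is not code from this blog: each credential exported from a legacy system is resolved to exactly one person or registered system owner, and anything with zero or several candidates is flagged for investigation. The HR roster, service-account registry, login naming patterns and all sample records are assumptions constructed for illustration.

```python
import re

# Constructed sample data for illustration; none of it comes from the post.
HR = [  # assumed system of record for people
    {"id": "E100", "name": "Alice Nguyen", "email": "alice.nguyen@example.com", "status": "active"},
    {"id": "E101", "name": "Bob Ortiz", "email": "bob.ortiz@example.com", "status": "terminated"},
]
SERVICE_ACCOUNTS = {"svc_backup": "backup system"}  # assumed registry of non-human owners
CREDENTIALS = [  # exports from legacy systems, each with its own naming scheme
    {"system": "mainframe", "login": "ANGUYEN", "email": ""},
    {"system": "crm", "login": "alice.nguyen", "email": "alice.nguyen@example.com"},
    {"system": "erp", "login": "bortiz", "email": ""},
    {"system": "erp", "login": "svc_backup", "email": ""},
    {"system": "crm", "login": "jsmith2", "email": ""},
]

def norm(text):
    """Lower-case and drop punctuation; digits are kept so 'jsmith2' != 'jsmith'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def candidate_keys(person):
    """Login patterns assumed here: firstlast, flast, lastf."""
    parts = person["name"].split()
    first, last = norm(parts[0]), norm(parts[-1])
    return {first + last, first[0] + last, last + first[0]}

def match(cred, hr=HR, services=SERVICE_ACCOUNTS):
    """Return (status, owner) for one credential."""
    if cred["login"] in services:
        return ("system", services[cred["login"]])
    email = cred["email"].lower()
    # Prefer the strong key (email); fall back to login naming patterns.
    hits = [p for p in hr if email and p["email"].lower() == email]
    if not hits:
        hits = [p for p in hr if norm(cred["login"]) in candidate_keys(p)]
    if len(hits) != 1:
        return ("untraceable", None)  # no owner or ambiguous: investigate
    person = hits[0]
    return ("person" if person["status"] == "active" else "departed", person["id"])

def report(creds=CREDENTIALS, hr=HR):
    """One row per credential: (system, login, status, owner)."""
    return [(c["system"], c["login"], *match(c, hr)) for c in creds]

if __name__ == "__main__":
    for row in report():
        print(row)
```

Rows marked `departed` are credentials that outlived their owner's employment, and `untraceable` rows are the ones for which the ownership question has no answer yet.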