The messiest part of identity management REDUX

I am a regular reader of the informative Network World Identity Management Newsletter by Dave Kearns.

A long time ago, Dave was onto the problem of identity data quality. Back in June 2003 he wrote an excellent post, "E-provisioning’s dirty little secret", subtitled "First rule of e-provisioning is to ‘cleanse’ your data". In it he makes a number of excellent observations and was clearly ahead of the curve on the necessity for data cleansing and matching prior to implementing an identity management system. Rather than summarize it here, I urge you to take a couple of minutes to read it.

Last fall, Kearns followed up with "The messiest part of identity management", subtitled "Cleaning up before deploying identity management". He brings this important issue back to the fore, which I applaud. He also talks about some very interesting findings from in-depth analysis by Deloitte Canada: that large enterprises are unable to match 20%+ of their active credentials to a person.

However, I do take issue with a couple of Dave’s points. One minor and one major.


First the minor issue. Actually a clarification. Dave assumed that Eurekify’s Sage is a tool to address the matching problem. I know that Ron Rymon of Eurekify did not make this claim but was only passing on what he thought were very interesting findings from Deloitte. Sage is a solid role management tool and, like most identity tools, needs to be fed corrected and matched identity data to do its work properly. Otherwise you get garbage-in, garbage-out. We in fact provide the tools behind Deloitte’s enterprise identity matching services referred to in this article. Eurekify looks to Deloitte to do this cleansing and matching.

The second is a more significant disagreement. Again, I think Dave Kearns is getting caught by an assumption. Not only did he assume that Eurekify had a solution, he goes on to claim that the other provisioning vendors have tools or can recommend tools to solve the cleanup and matching problem. This, I think, is misleading.

While provisioning vendors generally have tools which help in automatic matching based on reliable rules, they cannot effectively deal with the real-world mess that legacy credentials are in. In fact, Deloitte has found that 20% plus of the credentials in a large organization are still unmatched, even after cleansing and automatic matching. What is left is a huge manual effort of many man-years to clean this up.
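To make the residue concrete, here is an added sketch (not from the original post, and not the code of any vendor or product named here) of automatic matching on reliable keys, with everything that fails those rules routed to a review queue or flagged as an orphan. The sample records, field names and the name-token score are constructed assumptions.

```python
# Added example: constructed data; field names and scoring are assumptions.
HR = [  # authoritative person records
    {"emp_id": "1001", "name": "Margaret O'Neil", "email": "margaret.oneil@example.com"},
    {"emp_id": "1002", "name": "Rajesh Kumar", "email": "rajesh.kumar@example.com"},
    {"emp_id": "1003", "name": "Wei Chen", "email": "wei.chen@example.com"},
]
ACCOUNTS = [  # legacy credentials pulled from four systems
    {"system": "AD", "login": "moneil", "emp_id": "1001", "email": "", "display": "O'Neil, Margaret"},
    {"system": "Unix", "login": "rkumar", "emp_id": "", "email": "Rajesh.Kumar@example.com", "display": ""},
    {"system": "Mainframe", "login": "PEGGYO", "emp_id": "", "email": "", "display": "Peggy ONeil"},
    {"system": "Oracle", "login": "batch01", "emp_id": "", "email": "", "display": "nightly batch"},
]

def tokens(name):
    """Name as a set of lowercase, letters-only words ("O'Neil, Margaret" -> {oneil, margaret})."""
    words = ("".join(c for c in w.lower() if c.isalpha()) for w in name.split())
    return {w for w in words if w}

def jaccard(a, b):
    return len(a & b) / (len(a | b) or 1)

def match(accounts, hr):
    by_id = {p["emp_id"]: p for p in hr}
    by_email = {p["email"].lower(): p for p in hr}
    matched, review, orphans = {}, {}, []
    for a in accounts:
        key = (a["system"], a["login"])
        # Reliable rules: exact employee id, then case-insensitive e-mail.
        person = by_id.get(a["emp_id"]) or by_email.get(a["email"].lower())
        if person:
            matched[key] = person["emp_id"]
            continue
        # No reliable key: rank weak name evidence for a human adjudicator,
        # never auto-link on it.
        toks = tokens(a["display"])
        scored = sorted(((jaccard(toks, tokens(p["name"])), p["emp_id"]) for p in hr), reverse=True)
        candidates = [(round(s, 2), e) for s, e in scored if s > 0]
        if candidates:
            review[key] = candidates
        else:
            orphans.append(key)
    return matched, review, orphans

if __name__ == "__main__":
    matched, review, orphans = match(ACCOUNTS, HR)
    print("matched:", matched)
    print("needs adjudication:", review)
    print("no candidate (orphan):", orphans)
```

Only two of the four constructed accounts link automatically; the nickname account and the service account are the kind of credential that ends up in manual cleanup.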

Our True_Identity Enterprise Identity Matching solution is designed to deal with these difficult-to-match credentials. We use special tools and techniques (Forensic Matching and Adjudication systems) in addition to the normal data quality and automatic rule-based matching. This significantly cuts down on the normally huge manual effort at this stage.

As one example, Sun (who are among the leaders in the provisioning area) was not able to help Frank Ma at Petro Canada with this problem despite the fact that he had their full tool set and resources available to him.

Bottom line. Dave, three cheers for getting awareness on the identity cleansing and matching issue. However, you should know that effective solutions are not as widely available as you think.
