Identity management shouldn’t be seen as a simple solution to comply with laws such as the Sarbanes-Oxley Act, says Andy Woodfield, director of the IT security team at PricewaterhouseCoopers in the UK.
“A lot of media and telecom businesses have grown very quickly, acquired lots of businesses and [are] focused on growing subscriber numbers ... not necessarily on good business process controls,” Woodfield says. “So now things like Sarbanes-Oxley are asking to put the controls back in place.”
Woodfield, who advises organisations on identity management issues, recently spoke at a half-day seminar called SunLIVE Telco and Media 2005 in London. The seminar was sponsored by Sun.
Identity management can offer businesses advantages, such as reducing the number of helpdesk staff needed to reset passwords. Increased security and hardware costs can be reduced by consolidating ID directories and stores, so saving money, Woodfield says.
But too many identity management projects fail because of poor management, a poor link of projects to the organisation’s strategic goals and a lack of vision, he says. Projects should be led by business goals not technology ones.
“The technology is very much a second phase,” he says.
“Build a good business plan.”