A “radically new approach” to identity management is needed to address increasingly complex corporate network ID and access headaches, according to leading IT chiefs.
Three-quarters of silicon.com’s 12-strong CIO Jury IT user panel said they are planning to rethink their identity and access management strategy within the coming year.
Stephen Hand, group IT director at Lloyd’s Register, said: “The number and function of IDs is growing exponentially and needs a radically new approach.”
Steve Clarke, head of internal computing at AOL UK, said: “In a Sarbanes-Oxley (SOX) controlled environment, identity management is key and right now we’re struggling under the weight of manual processes to ensure SOX compliance. We have to find a solution otherwise maintaining our SOX compliance will become a nightmare of log-checking.”
Some organisations have already started to move to new means of authentication for corporate network access. Angus Waugh, head of IT at the National Audit Office, said: “We intend to move to strong authentication in 2007 for all network access for all staff, rather than just remote access connections as at present, and I fully expect the concept of moving away from passwords to tokens to be an interesting challenge.”
Phil Young, head of IT operations at Amtrak Express Parcels, said: “We have already commenced a project to reduce the number of IDs on our systems and then we hope to take this to the next step and review access policies with a view to potentially change the usual methods of access.”
The NHS is one organisation grappling with these challenges and it admitted this week it has around eight million IDs for one million staff.
Ted Woodhouse, director of IT strategy at the Leeds Teaching Hospitals NHS Trust, said: “Anyone who looks after identity and access management and is not keeping their strategy for this under almost constant review will soon get left behind, and consequently head into potentially dangerous difficulties. It is quite likely that this lack of constant review is one of the causes of the eight million IDs alleged to exist in the NHS today.”
Graham Yellowley, director of technology at investment bank Mitsubishi UFJ Securities International, said there is a need to “go back to square one” and use identity management as the cornerstone for the range of processes such as registering new starters and leavers, access rights and single sign-on.
But most of the problems are with the end users, according to John Odell, group IT director at the BBA Group.
He said: “We shall continue to educate and monitor. I don’t see any tried technology emerging to help substantially in 12 months.”
Today’s CIO Jury was…
Paul Broome, IT director at 192.com
Steve Clarke, head of internal computing, AOL UK
Stephen Hand, group IT director, Lloyd’s Register
John Hemingway, CIO, Sheffield Hallam University
John Keeling, director of computer services, John Lewis Partnership
Colin Moore, head of IS, Department for Education and Skills
Simon Norbury, head of ICT, Westminster City Council
John Odell, group IT director at the BBA Group
Angus Waugh, head of IT, National Audit Office
Ted Woodhouse, director of IT strategy at the Leeds Teaching Hospitals NHS Trust
Graham Yellowley, director of technology, Mitsubishi UFJ Securities International
Phil Young, head of IT operations, Amtrak Express Parcels
Want to be part of silicon.com’s CIO Jury and have your say on the hot issues for IT departments? If you are a CIO, CTO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com’s CIO Jury pool, or you know an IT chief who should be, then drop us a line at firstname.lastname@example.org