Identity management could backfire, analysts warn

Companies deploying an identity-management infrastructure may save money in the short term, but analysts warn that they might find themselves on the wrong side of a standards war that would cancel their original gains.

The warning comes as Microsoft, Novell and others roll out their identity-management frameworks and products. Microsoft launched its Identity Integration Server 2003 at the beginning of July, followed days later by Novell's announcement of its Identity Automation Framework. Earlier this week the Liberty Alliance -- a group of 160 companies working towards open standards for identity management -- published its guidelines for businesses developing their identity-management policy. Even Hewlett Packard has been getting in on the act, with the announcement this month that it is to buy security-software firm Baltimore's SelectAccess business -- which was losing more than £2m a year -- for £8.3m.

Analysts say identity management is one of the few technologies proven to deliver significant returns on investment. But, they warn, with so many companies touting different frameworks and solutions, enterprises should embrace the relatively immature technology with caution.

James Governor, principal analyst at Redmonk, said a significant number of calls to an enterprise helpdesk are from employees asking for replacement passwords -- after expiry or memory lapse. "Let's say every call to the helpdesk costs a few pounds; if people can help themselves online, [changing a password] will only cost 50 pence," said Governor, who added that instead of wasting time changing a password, helpdesk staff could be "working on more important problems".

Graham Titterington, principal analyst at Ovum, agrees. "The return is so impressive that recovering your outlay in 12 months is quite feasible," he said.

But Titterington warns that committing to a particular technology too early may cost companies dearly: "There is quite a gamble involved, because it's not yet clear what the winning technology will be. I wouldn't say to people, 'don't touch this with a bargepole,' but they should not be looking too far into the future."

Part of the problem is that so many of the big companies, such as Microsoft, Novell and HP, are working against each other rather than together. The Liberty Alliance is focussed on creating a solution based on open standards, but Titterington warns that although they "have a reasonably good chance of being one of the winners", with such big enemies, people should remember they could lose.

According to Titterington, companies should "do what is necessary to solve their immediate problems" but not get "too involved". However, because the whole identity management infrastructure is based around directories and PKI, he believes that for companies with an infrastructure and some associated working processes, "migration to an alternative would not be as horrific as having to start from scratch."

Let the editors know what you think in the Mailroom.