'

AMP testing ID management

Wealth management giant AMP will use its Financial Services division as the test-bed for a new identity management system likely to be rolled out next year across the entire organisation. Mark Pigot, AMP's IT manager, risk management, said a "proof of concept" within the division would determine whether a wider project, designed to improve both authentication of users and assigning of appropriate access to system resources and privileges, would be approved.

Wealth management giant AMP will use its Financial Services division as the test-bed for a new identity management system likely to be rolled out next year across the entire organisation.

Mark Pigot, AMP's IT manager, risk management, said a "proof of concept" within the division would determine whether a wider project, designed to improve both authentication of users and assigning of appropriate access to system resources and privileges, would be approved.

In an e-mailed statement to ZDNet Australia, Pigot said "the proof of concept will [be completed] by the end of 2005 and we will decide if any further implementations will occur after that".

He said a review had been conducted and "a small request for proposal" issued for the proof of concept. A spokesperson for AMP said a vendor solution had not yet been selected.

Pigot said the role of the system within AMP would be to "help ensure that the right people have the appropriate access to appropriate data".

The company's 2,350 staff-strong Financial Services division provides financial planning advice, corporate and retail superannuation, retirement income, managed investments, insurance and banking to around three million customers in Australia and New Zealand. It is one of two core divisions of the organisation, the other being the AMP Capital Investors investment strategy arm.

The new identity solution is expected to replace a legacy system -- introduced under the organisation's Information Technology System Access program -- governing management of access to the provider's top 40 business applications.

Pigot earlier this month used a speech to the Information Security World Conference in Sydney to defend the selection two years ago of a legacy system to implement ITSA rather than invest in a new tool.

"…As an initiative owned and driven by the business, we have defined processes and procedures, roles and responsibilities and structures for managing access to our top 40 business applications," he said.

"Deliberately, we chose to initially implement [information technology security access] using a legacy technology solution rather than invest in a new tool.

"This has led to some problems, but (we believe importantly) directed the up-front investment where it most mattered.

"In 2005, we are now in the process of implementing a contemporary identity management technology solution and are already reaping the benefits of having a strong business and policy framework in place to drive that implementation".

Pigot told ZDNet Australia the new solution would encompass both user authentication and the assigning of appropriate resources to users, known as provisioning."The existing technology is based largely on provisioning, with authentication presently distributed across several platforms," he said.

"We want a solution that expands to address both aspects".