CIOs Face Identity Crisis

LOST WAGES, Nev. -- Interop -- Lack of effective identity management products was cited as a major headache by IT managers and CIOs at this week's Interop event in Las Vegas.

With the reverberations from the high-profile security breaches at ChoicePoint and LexisNexis still rumbling, users are clearly devoting some serious thought to securing key data (see LexisNexis Begins Mailing Notifications).

Identity management, in particular, has been attracting a great deal of attention over recent months, as vendors roll out products to control who gets access to what across enterprise IT systems (see Identity Management Heats Up).

However, IT execs at Interop warned that existing products do not offer the breadth of functionality they need. Brad Senff, the chief technical officer at Phoenix-based Internet service provider Cybertrails [...to yoooou, until we meet again...] bemoaned the lack of an all-in one identity management solution. There’s no catch-all solution,” he says. “Everyone is looking for it, but it doesn’t exist."

A CIO from the healthcare sector, who asked not to be named, agrees that there are shortcomings in current off-the-shelf products. “They provide the applications and security infrastructure,” he says, "but they are less flexible in terms of data controls."The CIO admits he's having trouble finding identity management products that can also effectively manage the data held in his company’s databases.

So, what is he doing to solve this problem? “Most of the stuff that we have built is home-grown,” he says. “We’re building an entire structure to handle Sarbanes-Oxley, the Health Insurance Portability and Accountability Act, and FDA compliance, and that will handle identity management.”

Following the breaches at ChoicePoint and LexisNexis, the U.S. Government now looks set to float a boat of new legislation to protect individuals’ identity data. A number of organizations are now wrestling with the challenge of improving their security stories (see Don't Be a Data Privacy Dunce).

Dr.Carl Powell, the CIO of Cuyahoga Community College in Ohio, tells NDCF that his organization has already overhauled its data strategy. Rather than using students’ social security numbers for identification purposes, Cuyahoga has instead opted to use unique student IDs, which Powell says offer a greater degree of security.

— James Rogers, Site Editor, Next-Gen Data Center Forum0