The warning comes as Microsoft, Novell and others roll out their identity-management frameworks and products. Microsoft launched its Identity Integration Server 2003 at the beginning of July, followed days later by Novell's announcement of its Identity Automation Framework. Earlier this week the Liberty Alliance -- a group of 160 companies working towards open standards for identity management -- published its guidelines for businesses developing their identity-management policy. Even Hewlett Packard has been getting in on the act, with the announcement this month that it is to buy security-software firm Baltimore's SelectAccess business.
Analysts say identity management is one of the few technologies proven to deliver significant returns on investment. But, they warn, with so many companies touting different frameworks and solutions, enterprises should embrace the relatively immature technology with caution.
James Governor, principal analyst at Redmonk, said a significant number of calls to an enterprise helpdesk are from employees asking for replacement passwords -- after expiry or memory lapse. "Let's say every call to the helpdesk costs a few [dollars]; if people can help themselves online, [changing a password] will only cost [about AU$1.25]," said Governor, who added that instead of wasting time changing a password, helpdesk staff could be "working on more important problems".
Graham Titterington, principal analyst at Ovum, agrees. "The return is so impressive that recovering your outlay in 12 months is quite feasible," he said.
But Titterington warns that committing to a particular technology too early may cost companies dearly: "There is quite a gamble involved, because it's not yet clear what the winning technology will be. I wouldn't say to people, 'don't touch this with a bargepole,' but they should not be looking too far into the future."
Part of the problem is that so many of the big companies, such as Microsoft, Novell and HP, are working against each other rather than together. The Liberty Alliance is focussed on creating a solution based on open standards, but Titterington warns that although they "have a reasonably good chance of being one of the winners", with such big enemies, people should remember they could lose.
According to Titterington, companies should "do what is necessary to solve their immediate problems" but not get "too involved". However, because the whole identity management infrastructure is based around directories and PKI, he believes that for companies with an infrastructure and some associated working processes, "migration to an alternative would not be as horrific as having to start from scratch."
Excuse me but analysts should know that Novell solutions work perfectly well with, within and on Microsoft environments and lots of other environments as well.
Novell has moved way beyond products like "NDS for NT" and SingleSignOn and now handles almost anything that has a directory or a database and makes them work together.
Ever heard of "Zero Day Start"? Ever wondered how Novell employees do their work? You might want to know about that before making a choice.
Also, the safest bet for Identity Management that works with anything is and will be coming from Novell. They aren't the only quadrant leader in that area for nothing.