Organisations should not use identity management as a way of complying with corporate governance regulations such as Sarbanes-Oxley and Basel II. Too many identity management projects at organisations fail because of poor management, a poor link of projects to the organisation's strategic goals and a lack of vision,
That's according to Andy Woodfield, director of the IT security team at PricewaterhouseCoopers. "A lot of media and telecom businesses have grown very quickly, acquired lots of businesses and focused on growing subscriber numbers ... not necessarily on good business process controls," Woodfield said. "So now things like Sarbanes-Oxley are asking to put the controls back in place."
Woodfield, who advises organisations on identity management said that the technology could offer businesses advantages such as reducing help desk staff needed to reset passwords and increased security. Hardware costs can be reduced by consolidating ID directories and stores.
He emphasised that projects should be led by business goals, not technology. "The technology is very much a second phase," Woodfield said. "Build a good business plan."