ABSTRACT
Organizations finding themselves pushed further and further onto the Internet for electronic business are
exposed to heightened risk to information security and have greater concerns for data protection and
compliance with the ever-emerging and ever-evolving legislation and regulations regarding privacy, data
protection, and security. Additionally, customer-facing portals and complex Web services architectures
are adding a new complexity to information technology and making it more difficult to protect
information. Managing access to information also becomes increasingly more difficult as security
administrators struggle to keep up with new technology and integrate it into existing administrative
functions. As organizations continue to pursue new business opportunities, move operations off-shore,
and out-source day-to-day operations and development support, the “key to the kingdom” and their
information assets are increasingly at risk. No question, the business imperative supports accepting and
mitigating this risk, thereby further enabling organizations to partner and team externally and
electronically with business partners, customers, suppliers, vendors, etc.; however, if organizations
wade into this environment blindly, without upgrading the existing information security infrastructure,
technologies, tools, and processes, they may inadvertently put their organization at risk. Organizations
that embark on identity management implementations, not just for compliance projects but as their core
underlying security infrastructure, will ensure consistent, standard, and compliant security solutions for
the enterprise.