Vantage column

GOOD GUYS and bad guys, insiders and outsiders – it sure is tough to tell them apart these days! As more businesses realize the importance of establishing trusted identities for their employees, partners and customers, a key question becomes: How do we convince our executives of the need for identity management solutions?

For CIOs, the challenge of managing identities is becoming increasingly complicated in today’s diverse, multivendor architectures. The typical company usually has an infrastructure that includes a variety of operating systems, hardware vendors and directory services. It also typically has packaged applications like SAP, Oracle and Siebel, as well as a smorgasbord of homegrown applications. But guess what? When it comes to accessing information via your portal solution, customers and business partners don’t care what’s going on “behind the architectural curtain.” Complexity is your problem to solve, not theirs.

So, what’s a CIO or CISO to do? Reduce your complexity with a centralized solution that can manage identities, perform authentications and authorize access for your users across your diverse infrastructure. Your challenge is to find the right solution, and then to convince senior management of its benefits and value to the business.

In the past, people tended to look at security as a defensive necessity. But enlightened practitioners now recognize it as a business enabler — exactly the message senior management needs to hear. And identity and access management (I&AM) is probably the epitome of a business enabler!

Specifically, there are four possible benefits that an I&AM solution can provide for your business:

  • Increase revenue
  • Decrease expense
  • Ensure regulatory compliance
  • Mitigate risk

Let’s take a look at each of these in a bit more detail in our attempt to understand the ROI. Increased revenue is pretty clear. Metrics can be established for the number of new customers, cross-selling success with existing customers, improved reorder rates for existing customers and the like. But what really can grease the skids for this increase in revenue is a top-notch customer experience when accessing and navigating your Web site and portal. Single sign-on or reduced sign-on is critical. Strong authentication of users is the basis for establishing granular levels of access and for provisioning of premier, differentiated services based upon customer-specific profiles. People expect a secure, customized experience when they hit your site. Providing it can also lead to increased customer satisfaction and a resulting increase in revenue.

Expense reduction opportunities from identity management tend to come from internal efficiencies. There is real money to be saved by simplifying your identity management processes. This can be done by consolidating technologies, eliminating platform-specific point solutions and developing a consistent, enforceable security policy across your diverse infrastructure. Many legacy infrastructures require multiple passwords, multiple forms of authentication and “one-size-fits-all” services. This is expensive to manage, and fraught with peril when it comes to efficient and secure lifecycle management of identities.

Measuring the benefits of compliance is more challenging, but the laws and regulations themselves sometimes provide figures that you can use when calculating ROI. For example, some laws include financial penalties for failure to secure access to personal or medical information. There may also be terms in your contracts with partners, suppliers and customers assessing monetary damages for noncompliance with contract terms.

Finally, mitigating risk is maybe the hardest benefit to precisely measure, yet it can be a very valuable byproduct of an effective I&AM strategy.

Once you understand the value proposition provided by identity management, the next issue is to find the right solution. So, do you build it or buy it? You need to ask yourself, “Is building and supporting this stuff one of my team’s core competencies?” The short answer today is usually ‘No’ — buying the solution is the way to go.

Measuring success is different than estimating ROI. It starts with a clear vision of success — what you’re trying to achieve, what problem you are trying to solve. For example, if your key goal is to reduce expenses by simplifying and streamlining your identity management process, then you can measure how many technologies or point solutions you succeeded in eliminating, along with the associated cost savings in resources and related expenses. Or, you can measure how many digital identities are stored in one or two key directories, rather than the dozen or more that you used to support.

Security solutions such as identity management are enablers, perfectly positioned to solve real problems for your business. Team up with your peers, put together your vision, and make it happen!
 
Gerry Wilson is CIO of RSA Security in Bedford, MA. Got a question for Gerry about ID management? Send it to gwilson@rsasecurity.com
The RSA Security website offers in-depth white papers on Identity and Access Management.
Copyright © 2003 RSA Security. All rights reserved.