“Hitting the Wall” with Identity Management?

ICSynergy and Sun help customers get to the next level - faster and for less

"Customers are hitting the wall," says Chief Technology Officer Martin Gee of Plano, Texas-based Sun Partner ICSynergy, "as they try to take the next steps toward the second critical phase of identity management in their organizations."

Within the last three years, Gee has observed that customers that successfully implemented identity management (IdM) solutions have been increasingly stymied by the apparent "cost and time-consuming nature of getting to what we call phase two: wrapping the rest of their key departmental and other applications into the IdM fold." Phase one initiatives have included securing and simplifying user access to core systems of record (like HR systems); streamlining the provisioning process for IT; and complying with regulations like the Sarbanes-Oxley Act (together with a growing host of other federal and international laws).

The benefits of getting to "phase two": It's not just about compliance

Gee (who founded ICSynergy) and Managing Partner Mike Thompson have been deeply involved in identity management (IdM) technology for nearly 10 years: first as senior-level users of Sun's early IdM solutions in industry, then as developers and implementers of their own "out-of-the-box" IdM solutions. "Our IdM products work exclusively and in a totally integrated way with the Sun Identity Management product line," says CTO Gee, "to enhance the value, simplicity, and speed of delivery of the Sun IdM suite. The combined ICSynergy and Sun approach is both flexible enough to meet immediate customer needs and scalable enough to address the demands of the future."

"Bottom line," says Thompson, "we deploy our ICSynergy product suite" together with Sun IdM products like Sun Identity Manager and Sun Role Manager to provide "the fastest, least expensive route to compliance. … But it's not just about compliance. It's about driving down costs and providing the lowest total cost of ownership for this technology. … A lot of our customers come to realize the cost savings as byproducts from being compliant. This has been the experience of our seasoned technical consultants - many of whom came to us from Fortune 500 firms where they served as senior-level IT and business executives."

Real-world customer IdM challenge

Like many organizations that have successfully completed "phase one" IdM solutions - incorporating core enterprise applications like HR and email systems - but that are now seeking ways to integrate important departmental, or even home-grown applications into the IdM framework, one of ICSynergy's clients, a major international airline, sought the Sun Partner's help to get to phase two. First, the airline needed to deploy a new core enterprise user directory to airport locations worldwide, then integrate Sun Ray thin client workstations with the new directory. Finally, the entire set of supported applications had to be wrapped within its integrated Sun Identity Manager and Sun Role Manager architecture.

Enabling the automated access provisioning through the Sun Identity Manager software solution was thought to be more than a six-month project. Yet the airline had a much more aggressive business-driven deadline. Management wanted to develop the access-request and approval workflow for the enterprise solution and have several hundred accounts provisioned and ready to go live within just two weeks -- all for less than 80-man hours of effort.

Armed with its proprietary icRARE software and methodology, ICSynergy picked up the gauntlet. The ultimate implementation combined icRARE and Sun Identity Manager software together with Sun Role Manager software to define access roles and rules, and to implement a governance process for managing access to enterprise resources. The rules and roles defined by Sun Role Manager were then implemented using the icRARE software and Sun Identity Manager. But because the icRARE workflow solution is already integrated with Sun Identity Manager software and offers automated access request and approval processing, ICSynergy was able to complete the project within the two-week deadline.

"One of the keys to the speed with which these kinds of IdM implementations can be delivered," Gee explains, "is that, for the most part, we can leverage the skills of business analysts and others without IdM expertise - in contrast to the traditional teams made up of seasoned IdM architects and developers. This automated, simplified approach results in IdM solutions provided at a fraction of the usual time and cost. … As just one example of the cost-effectiveness of the icRARE methodology, our airline customer was able to recognize a two-week payback on their investment in request processing," says Gee.

Sun partner advantage

"We've made a point of applying our 10 years of experience combined with our own IP and Sun's IdM solutions to deliver this accumulated expertise to clients in the federal government, finance, retail, manufacturing and telecom segments, among others," says Thompson. "What's more, we've focused on developing truly repeatable Identity solutions for them, so that our customers can gain access to better and faster paths to security, compliance, and to lower total cost of ownership than they could get anywhere else. In addition to our absolutely unique products, we offer uniquely valuable perspective to our customers. Because we've been where they are. We're not just consummate consultants; many of our senior architects have worked in industry in the same roles, and wrestled with the same problems our customers are struggling to solve. So we built our solutions to solve those real-life challenges. That's the ICSynergy advantage."

What's next? Bridging the gap …

"One of the other strategic challenges ICSynergy and Sun are helping customers solve," says Thompson, "is the need to 'bridge the logical and physical gap' that exists between software approaches to IdM, like icRARE and the Sun Identity Management suite, for example, and physical identity-verification mechanisms" like smart cards that feature onboard integrated circuits and memory, and that can be embedded with biometric data.

"Much of this need has been driven by Homeland Security's HSPD-12 directive. But it's not just the government that's interested; there are healthcare and other applications as well. The idea is to combine smart cards and software to identify individuals and to control their access to buildings … and also to screen their access, by role or function, such that they are permitted to interact with only the applications and data they are authorized to. This is not futuristic stuff. We are currently using Sun Ray thin clients and software, smart cards, IdM software, and our own data center products to implement and secure these capabilities. This future is now."

Want to know more?

• Learn about the ICSynergy IdM philosophy
• Learn about the complete list of ICSynergy services
• Contact ICSynergy
• See Sun Identity Management Solutions