The Business of Identity Management Barry R. Ribbeck Director Systems Architecture & Infrastructure Rice University

NMI-EDIT  I dentity management is often seen as a technological infrastructure that supports portals or reduces logins required for central systems. However, emerging trends point to opportunities to leverage it for bottom-line contributions to the institution. Sponsored by NMI-EDIT, this session will discuss why identity management should be part of your business strategy

NMI-EDIT Changes  HE Institutions are not islands  Partnerships and collaborations  Business  Government  Communities  Interactions with externals are increasingly becoming electronic based  HE Institutions are not islands  Partnerships and collaborations  Business  Government  Communities  Interactions with externals are increasingly becoming electronic based

NMI-EDIT Examples  Government - Online Grants  Banks - Online payroll transactions  Utilities & Vendors- Online payments  Students - Online registration  Financial - Online Federal Aid  Information - Online Libraries  Research - Grids, Fastlane, etc..  Courseware - Online course management  Government - Online Grants  Banks - Online payroll transactions  Utilities & Vendors- Online payments  Students - Online registration  Financial - Online Federal Aid  Information - Online Libraries  Research - Grids, Fastlane, etc..  Courseware - Online course management

NMI-EDIT Business Challenges  Support  Scale - too many accounts  Security -  account requirements differences  Management  Trust - the keystone of inter institutional collaboration and a critical business practice  Costs  Support  Scale - too many accounts  Security -  account requirements differences  Management  Trust - the keystone of inter institutional collaboration and a critical business practice  Costs

NMI-EDIT ROI Potentials  Pharmaceutical Industry numbers  > $1 billion per year in identity credentialing models  40% of annual R&D costs attributed to paper based business processes  NE Journal of Medicine  Paperwork = 31% of all health costs ($500 billion in 2004)  Pharmaceutical Industry numbers  > $1 billion per year in identity credentialing models  40% of annual R&D costs attributed to paper based business processes  NE Journal of Medicine  Paperwork = 31% of all health costs ($500 billion in 2004)

NMI-EDIT External Drivers  Federal eGov Initiative  Fastlane  Digital Content Providers  Banking industry  SAFE - Pharmaceutical industry  Certipath -Aerospace  Federal eGov Initiative  Fastlane  Digital Content Providers  Banking industry  SAFE - Pharmaceutical industry  Certipath -Aerospace

NMI-EDIT Fundamentals & Federations  A federation is an association of organizations that come together to exchange information as appropriate about their users and resources in order to enable collaborations and transactions.  Policy based authentication and authorization  IAA are business processes not just technical processes  Provide for Scaleable Identity Management  Standards based community infrastructure  Well defined Trusts  A federation is an association of organizations that come together to exchange information as appropriate about their users and resources in order to enable collaborations and transactions.  Policy based authentication and authorization  IAA are business processes not just technical processes  Provide for Scaleable Identity Management  Standards based community infrastructure  Well defined Trusts

NMI-EDIT IdM Business Practice  We (HE) need to know who we are interacting with as do our partners.  Identity management is evolving from pure technical practices to a business process.  We will not be able to continue using the old methods and practices in the near future.  Government is aware that IdM is an important issue and is making changes in the way they interact electronically with HE.  Legal compliance  We need to understand the value of TRUST  We (HE) need to know who we are interacting with as do our partners.  Identity management is evolving from pure technical practices to a business process.  We will not be able to continue using the old methods and practices in the near future.  Government is aware that IdM is an important issue and is making changes in the way they interact electronically with HE.  Legal compliance  We need to understand the value of TRUST

NMI-EDIT Transitions  How do I sell this to administration?  Not hard to find support in business circles, Pick any IT consulting firm, CIO magazine, Educause, IT auditor reports.  How / where do I begin?  Resources, roadmaps, self evaluations, IT audits See appendix  Business drivers that make IdM a real need for HE  The future of Access?  How do I sell this to administration?  Not hard to find support in business circles, Pick any IT consulting firm, CIO magazine, Educause, IT auditor reports.  How / where do I begin?  Resources, roadmaps, self evaluations, IT audits See appendix  Business drivers that make IdM a real need for HE  The future of Access?

NMI-EDIT Reading the Signs  Title 2 of H.R. 418 (Real ID Act)  HIPAA (PRIVACY)  eGOV (authentication initiative of the Fed)  GLB (protecting consumer personal financial information)  Texas Medical Privacy Act (SB11) (Hipaa on steroids)  Texas S.B. 122 (identity theft - information spill)  Texas BPM 66 (SSN use reform)  Title 2 of H.R. 418 (Real ID Act)  HIPAA (PRIVACY)  eGOV (authentication initiative of the Fed)  GLB (protecting consumer personal financial information)  Texas Medical Privacy Act (SB11) (Hipaa on steroids)  Texas S.B. 122 (identity theft - information spill)  Texas BPM 66 (SSN use reform)

NMI-EDIT What Should campuses do today?  Start building your IdM infrastructure  Approach from a business practice perspective. Look at security, confidentiality, trust and business continuity.  Join a federation, prepare for eGov CAF  Encourage business partners to embrace IdM  Define your policies around good business practices not just easiest technology to implement.  Start building your IdM infrastructure  Approach from a business practice perspective. Look at security, confidentiality, trust and business continuity.  Join a federation, prepare for eGov CAF  Encourage business partners to embrace IdM  Define your policies around good business practices not just easiest technology to implement.

NMI-EDIT  Change is upon us but we don’t have to panic, we just need to prepare.  IdM is a core business practice, and we need to begin to address it in that manner  Trust is a precious and tenuous commodity. We should protect it the way we do other business resources.  Change is upon us but we don’t have to panic, we just need to prepare.  IdM is a core business practice, and we need to begin to address it in that manner  Trust is a precious and tenuous commodity. We should protect it the way we do other business resources.

NMI-EDIT REFERENCES   cuments/CAF.pdf cuments/CAF.pdf    gementWorkingGroup/928   cuments/CAF.pdf cuments/CAF.pdf    gementWorkingGroup/928