At the SailPoint user conference this week, I heard from many people who run large retail banking establishments. One thing they have in common is too many places that store their user’s identities. In some cases, they have to first filter their Active Directory data into a spreadsheet to make sense of who has what rights to which particular datasets. That is just insanity. It may be time to start to clean up your identity data.
SailPoint’s customers should know about these sorts of problems. They sell identity governance and management software and to some pretty big companies. SailPoint is installed in the world’s largest bank, the world’s largest insurance company, the world’s largest packaged goods company, the world’s largest oil company, and the world’s largest food services company. Do you detect a trend here?
Many of these large corporations have had a hard time getting a handle on where they store their identity information. For example, one customer has more than 65,000 employees and another 20,000 or so contract workers. For the employees, they have minimal information in Active Directory, and most of the personal data is stored in their ERP system. That is fine, but the opposite is the case for the contractors: their personal data is mostly in AD, with just the barest of details in the ERP system. And just when you get your head around that, they also have several spreadsheets that sit on various managers’ desktops that are manually maintained. That is a disaster waiting to happen.
One way to deal with this is what Gartner identity analyst Earl Perkins says to lose the mindset: “Stop talking about identity management as an IT problem and start talking about it as a business problem.” Make identity issues more visible to business-unit managers, so they can see the value of having a good identity governance process that can benefit their own bottom lines.
But given that the average identity management tool is a six-figure sale, you also need top-down support too: getting your board and upper management in on the deal is absolutely essential.
Certainly, figuring out how many HR and other databases you really have can be tedious, especially if you are a large multinational company with dozens of business units scattered all over the planet. At one large bank, they have spent the past decade acquiring lots of smaller banks on every continent, with the result that what started in North America with an predominantly English-speaking staff they now have almost as many Spanish-speakers in other pockets around the world.
Retailers have large influx of temporary workers towards the end of the year, when they hire up for the holiday shopping season. But the time to clean this up is now. Don’t wait until yearend when it is too late to start on a project like this. As one of the conference presenters said, “The drama among IT, info security and the business units can be overwhelming if you don’t have good identity management in place.” Truer words were never spoken.