Identity management (ID management) is a broad administrative area that deals with identifying individuals in a system and controlling their access to resources within that system by associating user rights and restrictions with the established identity. The driver licensing system is a simple example of identity management. Drivers are identified by their license numbers and user specifications are linked to the identifying number. Identity management success: Perhaps most important in any successful IM strategy is to consolidate access controls. Traditionally, controls exist at the level of a software application. But security experts say that application-based controls create a fragmented environment that is a nightmare to manage and can open numerous doors for unauthorized users. Trying to control access for each application is particularly problematic for legacy systems, which tend to have many vulnerabilities and flaws because the agency has not been able to test it on a large scale as private software companies which can do better than them. Latest identity management tool: Despite the risks of unauthorized users electronically grabbing private or sensitive information, many agencies have yet to install an identity management tool. The reason: It”s complicated. To begin implementing IM on its networks, an agency”s IT shop typically conducts an inventory of systems to determine what information it stores, where it is stored and how the right to access that information is assigned for each application. Many are legacy systems or run on proprietary programs built
by the agency. That makes it difficult or impossible to reprogram the systems or applications to interact with a commercial IM tool.