Download This Newsletter as a PDF

ID Lifecycle 101: credential Management

Excerpts from RE:ID, Fall 2011

Issuing a credential is only the start of the identity lifecycle.  As an individual moves around an organization, controlling and adjusting the systems he can and cannot access is equally important to the initial identity vetting.  Throughout the ID lifecycle, the identity and credential management function is essential.

As Identification has evolved, “it’s gotten much more detailed and much more broad,” says Terry Gold, VP of Sales North America at idOnDemand.  “Over the past 10 years, the importance of identification within an organization has skyrocketed.”

When dealing with ID management , coordination of both physical and logical access points is key.  However, different areas within an organization often have responsibility to control different access privileges.  Security departments tend to manage the physical aspects, controlling who gets into buildings, garages, elevators, doors and doors within doors.  IT manages the logical access functions, granting permission to devices, applications and networks.

Companies that don’t coordinate these two functions may waste a lot of money.  This can result in having to issue separate Ids and credentials for each function, which can be a budget breaker.

Along with making sure identity is centrally managed, Gold says it should also be managed in-house.  While credential issuance can be outsourced, she believes it is risky to outsource the management functions as well.  “Most enterprise and government agencies are very resistant to outsource much that relates to these controls,” says Gold.

“Our philosophy is to segregate the credential issuance process from these controls and let the customer completely own these areas as they wish.  This ensures that they remain in complete autonomous internal control of who accesses what, views data, etc..” says Gold.

Issuing identification to a new employee begins before the employee’s first day on the job.  Preparing for that employee involves making sure that he is who he says he is, and this requires diligent effort before the person is put into the system.

Administrators of identity system usually determine who accesses which applications within an organization.  Many vendors provide solutions to make this process easier, through products such as  active directory, LDAP and dedicated ID management solutions.

As a user a user gets higher levels of access with a corporation, more authorization and verification is necessary.  Access levels can also be set for pre-determined periods of time.

“ Once the individual is using the credential there is post– issuance lifecycle support for functions that handle lost cards/devices, forgotten PINs, PIN changes, remote delivery and activation or onsite bureau printing and programming to offload traditional help desk functions into a secure self-service model,” says Gold.

Companies are beginning to explore different types of applications that can be added to a person’s identity badge.  Functions such as time and attendance, transit ticketing and payment, parking and garage access, and cafeteria privileges are just a few of the applications being added to credentials.

“A lot of these solutions are very complex to deploy, requiring large budgets and multi-year timelines.  As a result, we will continue to see maturity in ID management applications and their ability to scale, deploy more easily, and include more applications,” says Gold.