Better to start ID management with a clean slate, say experts

CA and Oracle execs say that businesses with no legacy identity and access management systems have a head start

Organisations that have not previously considered identity and access management (IAM) may have a head start over others, according to Tim Dunn, vice president security strategy Europe for CA Technologies.

Speaking at the Gartner IAM Summit 2011 in London yesterday, Dunn said: "Businesses that haven't concerned themselves with IAM before are in the best situation; they can implement a solution without worrying about integrating with a legacy system."

He also explained that the cloud is the best way to manage a new implementation.

"The cloud is an efficient way of setting up trust models and managing identity."

He added that IAM has grown organically as new technology has been adopted.

"This legacy problem is one we have created for ourselves," Dunn explained. "We have a myriad of systems and applications, developed initially with a mainframe architecture, then more distributed, and now in the cloud."

He argued that IAM solutions are largely fragmented and silo-based as a result of their organic growth and sporadic implementation.

Nishant Kaushik, chief strategist IAM for Oracle, said: "We need to get away from IAM existing to service specific applications. A radical and broader approach is needed, but this will bring risk and disruption."

Dunn concluded that federated identity is the answer.

"We need to get into federated identity. The information needs to be managed centrally, and must be able to be accessed from anywhere."