IT Security

The Internet has led to the spawning of a whole industry: Identity and Access Management. We conclude our conversation with Deloitte's Mark Ford about how Deloitte is participating in this market innovation.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Defining New Markets | Deloitte | IT Security | Managing Growth | Mark Ford | Twelve Month Goals

As Mark Ford, Principal, Deloitte, shares in this segment (download 7 minute iPod compatible video, 34MB), Deloitte's privacy and security practice is growing in excess of 30% per year, and the firm expects this rate to continue through 2010. An issue with this kind of growth in demand is how to add quality capacity to meet it.

Deloitte's strategy consists of a mixture of internal growth and and acquisition. Recently, the firm acquired Iditarod Systems, a McLean, VA based firm in the identity space. Iditarod has a similar culture to Deloitte's and brings a valuable technical focus to the table.

At Michigan Innovators, we tend toward Larry Schmitt's definition of innovation, i.e., a change that is accepted by the market place. In the case we have been discussing in this series of segments, Deloitte perceived a decade ago that the Internet would bring a whole host of access and security issues to its traditional corporate clientele. The rapid growth of Deloitte's Internet security related practices bears witness to the scope of change taking place in that market place.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)

Access management tools can profoundly impact a company's business processes.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Deloitte | Finding Gaps | IT Security | Mark Ford

As Mark Ford, Principal, Deloitte, notes (download 6 minute iPod compatible video, 32MB), enabling access management is not just a question of installing a technology toolkit. Access management issues profoundly impact a company's business processes. For instance, regulatory compliance may require that only certain officers have access to financial reports. Allowing customers access to company systems allows them to serve themselves but also creates opportunities for exploits.

Mark feels his best opportunity to help his clients comes when they are first addressing access management issues. That way he can help them consider the changes such systems will bring in the context of their business strategy. When he comes in later in the process, he typically has to reconcile the strategy with the technology chosen and faces more challenges in helping with the change in the business process.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)

Identity and access management tools designed for the web can be adapted to the enterprise, but the access model is more complex.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Deloitte | Finding Gaps | IT Security | Mark Ford | Web 2.0

In this brief segment (download 3 minute iPod compatible video, 14MB), Mark Ford, Principal, Deloitte, describes how single sign-on took off in the enterprise market after web applications became wide spread, creating a sort of Enterprise 2.0. In a web application like Google docs or Yahoo Finance, the user signs on one time and has access to many underlying applications.

However, the access model for enterprise applications is more complex. For instance, students in university can access the courses they are taking but cannot access the system for assigning grades. Professors can access the grading system but not the students' billing records.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)

Just as the Internet has given rise to a whole new array of identity and access challenges, identity management systems that are designed for the Internet, like openID, may be part of the solution.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Deloitte | Enterprise Software | Finding Gaps | IT Security | Mark Ford | Web 2.0

Mark Ford, National Leader of Deloitte's Identity and Access Management Practice, recounts how the practice has emerged over the past decade (download the 7.5 minute ipod compatible video, 39MB). One of the driving forces in its creation has been the emergence of the Internet as a daily fact of business life. Once internal and externally facing systems are opened to the Internet, they face hundreds of different permutations in having to verify identity and grant access.

Just as the Internet has given rise to a whole new array of identity and access challenges, identity management systems that are designed for the Internet, like openID, may be part of the solution. Generally, the choice of solution will be based on risk assessment that weighs the potential increase in business from open access against the financial damage a breach would bring. A good example is the credit card industry that takes on the risk of sending out unsolicited cards in order to gain business.

In future segments, we will discuss Deloitte's innovation model and trends in Internet security.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)