Mark Ford

The Internet has led to the spawning of a whole industry: Identity and Access Management. We conclude our conversation with Deloitte's Mark Ford about how Deloitte is participating in this market innovation.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Defining New Markets | Deloitte | IT Security | Managing Growth | Mark Ford | Twelve Month Goals

As Mark Ford, Principal, Deloitte, shares in this segment (download 7 minute iPod compatible video, 34MB), Deloitte's privacy and security practice is growing in excess of 30% per year, and the firm expects this rate to continue through 2010. An issue with this kind of growth in demand is how to add quality capacity to meet it.

Deloitte's strategy consists of a mixture of internal growth and and acquisition. Recently, the firm acquired Iditarod Systems, a McLean, VA based firm in the identity space. Iditarod has a similar culture to Deloitte's and brings a valuable technical focus to the table.

At Michigan Innovators, we tend toward Larry Schmitt's definition of innovation, i.e., a change that is accepted by the market place. In the case we have been discussing in this series of segments, Deloitte perceived a decade ago that the Internet would bring a whole host of access and security issues to its traditional corporate clientele. The rapid growth of Deloitte's Internet security related practices bears witness to the scope of change taking place in that market place.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)

Access management tools can profoundly impact a company's business processes.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Deloitte | Finding Gaps | IT Security | Mark Ford

As Mark Ford, Principal, Deloitte, notes (download 6 minute iPod compatible video, 32MB), enabling access management is not just a question of installing a technology toolkit. Access management issues profoundly impact a company's business processes. For instance, regulatory compliance may require that only certain officers have access to financial reports. Allowing customers access to company systems allows them to serve themselves but also creates opportunities for exploits.

Mark feels his best opportunity to help his clients comes when they are first addressing access management issues. That way he can help them consider the changes such systems will bring in the context of their business strategy. When he comes in later in the process, he typically has to reconcile the strategy with the technology chosen and faces more challenges in helping with the change in the business process.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)

Groups of consultants working in Deloitte's Enterprise Risk Management practice saw the opportunity to extend the practice by going into implementation.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Deloitte | Finding Gaps | Mark Ford

In this segment (download 8 minute iPod compatible, 41MB), Mark Ford, Principal, Deloitte, describes the "bottom-up" process of innovation that led to the creation of Deloitte's Identity and Access Management practice. Ten years ago, when Mark joined Deloitte as a senior consultant, there was no Identity and Access Management Practice. Rather, groups of consultants working in the Enterprise Risk Management practice saw the opportunity to extend the practice by going into implementation.

The fit was natural. Risk assessment is an important first step in determining access management policies so that you do not spend more than it is worth to control access to resources. In their spare time, Mark and his cohort began selling identity and access management work, involving others, and ultimately growing a separate practice area.

In this process, the Deloitte brand was critical. It provided a mark of quality and opened doors with already existing relationships.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)

Identity and access management tools designed for the web can be adapted to the enterprise, but the access model is more complex.

Like this? Let us know with a $5 donation, so we can do more

Filed under: Ann Arbor, MI | Deloitte | Finding Gaps | IT Security | Mark Ford | Web 2.0

In this brief segment (download 3 minute iPod compatible video, 14MB), Mark Ford, Principal, Deloitte, describes how single sign-on took off in the enterprise market after web applications became wide spread, creating a sort of Enterprise 2.0. In a web application like Google docs or Yahoo Finance, the user signs on one time and has access to many underlying applications.

However, the access model for enterprise applications is more complex. For instance, students in university can access the courses they are taking but cannot access the system for assigning grades. Professors can access the grading system but not the students' billing records.

(n.b., As used in this article, "Deloitte" means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Deloitte's site (www.deloitte.com/us/about) outlines the legal structure of Deloitte LLP and its subsidiaries.)