[Excerpted from "Mapping IAM Processes To The Business," a new report posted this week on Dark Reading's Identity and Access Management Tech Center.]

The problems of managing user identities and access to sensitive data are well-known and intractable. For all but the most sophisticated organizations, the past 15 years has been about consolidating identity and access management around technologies like Microsoft's Active Directory and LDAP, and about moving -- haltingly -- toward goals such as enterprise single sign-on and identity governance.

During this time, identity and access management has largely been focused on securing "people" and "devices" to traditional, perimeterized IT networks, with people identified by a user ID and password and devices by an IP address, says Bill Conner, the CEO of Entrust.

The world is changing, though. Malware is more stealthy and targeted -- able to gain a foothold on end user systems and then use (and abuse) their access to network resources to make off with sensitive data. Recognizing this, both internal and external auditors are concerned more with the "ends" of user access to data than with the means. They want to know who can access sensitive personal information and other regulated data, and how.

At the same time, Conner says, the rapid adoption of technologies such as virtualization and the SaaS computing model has moved the goalpost by redefining how applications and data are used and accessed. Despite this, many organizations continue to rely on ad hoc, siloed and manual processes for managing user identities and access across applications and resources.

User provisioning has historically been a long, laborious and expensive task implemented by an organization's IT group and managed through the help desk. The result, says Jason Garbis, vice president of marketing at Aveksa, was that companies would extend the central IAM platform -- traditionally supplied by vendors such as IBM/Tivoli, Oracle and CA -- out to the few mission-critical applications but would leave many unmanaged.

Add to that the complexity of today's Web-based and SaaS applications, which are often adopted by line-of-business managers without any consideration as to how to manage the new set of user accounts. Indeed, in large organizations, dozens of separate SaaS applications may be used by overlapping groups of users, with only the barest involvement of the IT group and others responsible for managing identities within the organization.

For a look at how companies are overcoming these issues and aligning their IAM processes more closely with business operations, download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.