Identity management savings threatened by standards row

A standards war is threatening to cancel the short-term cost savings companies can make by deploying an identity-management infrastructure.

The warning from analysts comes as Microsoft, Novell and others roll out their identity-management frameworks and products.

Microsoft launched its Identity Integration Server 2003 at the beginning of July, followed days later by Novell's announcement of its Identity Automation Framework. Earlier this week the Liberty Alliance - a group of 160 companies working towards open standards for identity management - published its guidelines for businesses developing their identity-management policy.

Even Hewlett Packard has been getting in on the act, with the announcement this month that it is to buy security-software firm Baltimore's SelectAccess business - which was losing more than £2m a year - for £8.3m.

Analysts say identity management is one of the few technologies proven to deliver significant returns on investment. But, they warn, with so many companies touting different frameworks and solutions, enterprises should embrace the relatively immature technology with caution.

James Governor, principal analyst at Redmonk, said a significant number of calls to an enterprise helpdesk are from employees asking for replacement passwords - after expiry or memory lapse.

"Let's say every call to the helpdesk costs a few pounds; if people can help themselves online, [changing a password] will only cost 50 pence."

He said that instead of wasting time changing a password, helpdesk staff could be "working on more important problems".

Graham Titterington, principal analyst at Ovum, said: "The return is so impressive that recovering your outlay in 12 months is quite feasible."

But he warns that committing to a particular technology too early may cost companies dearly: "There is quite a gamble involved, because it's not yet clear what the winning technology will be. I wouldn't say to people, 'don't touch this with a bargepole,' but they should not be looking too far into the future."

Part of the problem is that so many of the big companies, such as Microsoft, Novell and HP, are working against each other rather than together. The Liberty Alliance is focused on creating a solution based on open standards, but Titterington warns that although they "have a reasonably good chance of being one of the winners", with such big enemies, people should remember they could lose.

According to Titterington, companies should "do what is necessary to solve their immediate problems" but not get "too involved". However, because the whole identity management infrastructure is based around directories and public key infrastructure (PKI), he believes that for companies with an infrastructure and some associated working processes, "migration to an alternative would not be as horrific as having to start from scratch".

Munir Kotadia writes for ZDNet UK