Identity Management and the IT Monoculture

marcocasassamont — Wed, 04 Mar 2009 17:55:00 GMT

A recent article (called "IT Monoculture: Security Risks and Defenses") published by the IEEE Security and Privacy magazine, discusses pros and cons of having an IT Monoculture, i.e. where no diversity is introduced for specific IT solutions deployed within organizations.

Quite interestingly this applies also for Identity Management. On one side deploying the same Identity Management (IAM) solutions across an organization increases efficiency, central control and uniformity. On the other hand, it might potentially increases the exposure of the organization to threats and related risks.

I guess that, at the end, it is a matter of economics, involving trade-offs between involved costs, security and productivity.

This is an area where modeling and simulation (see Security and Identity Analytics) might be of some help, to explore, predict and identify the most suitable approach for an organization, given the organization profile and the underlying threat environment.

Just wondering if there is any recent, official study (I have not yet found it ...) exploring the current level of "IAM-diversity" within organizations. Any pointer/link would be welcome ...

--- Posted by Marco Casassa Mont (here and here) ---

--- NOTE: use this mirror blog if you prefer posting on an external blog site ---

Research on Security and Identity Management (by Marco Casassa Mont) : diversity

Identity Management and the IT Monoculture