Voice of Experience: One Giant Set of KeysBy Baselinemag | Posted 2005-02-01 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Tony Scott, CTO of General Motors, saw a problem when the average employee needed 16 log-in names and passwords.
Manager's Profile: Responsible for defining information-technology and telecommunications architecture and standards for the world's No. 1 maker of cars and trucks. Before joining GM in 1999, he was vice president of information management for Bristol-Myers Squibb.
Identity Crisis: A few years ago, GM's identity-management infrastructurewhich ensures that only authorized individuals can access certain data"was kind of a mess," Scott says. The root of the problem: Each application used its own, discrete identity-management mechanism. This meant that by early 2002 the average GM employee had to juggle 16 different IDs and passwords to get his or her job done, Scott says: "It was getting ridiculous."
Hitting Reset: With so many passwords to keep track of, GM's 324,000 employees sometimes would blank on a few. On heavy days, Scott says, the number of password-reset requests to the corporate help desk was in the thousands.
His Project: Establishing a global ID system for GM. He's aiming to let each employee or partner use just one name and password to enter any GM system to which they've been granted access. The first phase, which GM finished in early 2004 after two years in the works, puts in place the basic directory infrastructure comprised mainly of Sun Microsystems and Microsoft software.
Bright ID: Next, GM is converting individual applications to use the central directory for authenticating people and retrieving their access privileges. "The guidelines to our developers are clear: Thou shalt use the directory services," Scott says. So far, about 90% of GM's Web-based applications are using the new ID system, compared with between 50% and 60% of older applications. According to Scott, it will take years to switch over completely: "I don't know if you're ever finished with a project like this."
Fewer Hassles: The results so far? Scott says that in 2004 on days when GM required employees to change their passwords, call volume to the help desk was as much as 30% lower than prior-year levels. "Subjectively," he says, "the whole password thing is much lower on the list of what people are concerned about."