According to the report - `Federated Identity and Access Management: Creating a connected world’ – the methodology includes setting out the business case for FIAM and then conducting a planning process, before moving on to the implementation stages.
The report notes that FIAM enables seamless, secure access to multiple external systems, revolutionising the way organizations interconnect with customers and suppliers.
In use, the technology allows businesses to centrally manage employees’ access to multiple external systems, without the need to do this in each external system. Security is increased, costs are reduced, and the user experience is improved, it notes.
Steve Durbin, the ISF’s global vice president, says that FIAM offers great benefits as long it’s implemented in a secure way that doesn’t expose the business to unnecessary risk.
“This new report offers thorough, practical and business-focused advice on getting FIAM right and provides pointers to a range of tools our Members can use to help them implement FIAM successfully”, he explained.
The report says that most businesses will focus on outbound FIAM connections, defined as those where their staff are given access to systems provided by other parties.
“Organizations that provide outsourced or cloud-based applications can gain competitive advantage by developing inbound connections for their customers”, it notes, adding that to succeed, any FIAM project must have the full backing of the business.
IT professionals then need to determine the scope of the FIAM, and then establish a governance framework, before defining a set of technical FIAM standards.
The next stage is to run a FIAM pilot and then integrate the FIAM system into existing IAM systems and general IT processes. From there the report recommends defining an approach for managing relationships with FIAM partners and then creating a process for managing FIAM connections.
An executive summary of the report is available to all comers on the ISF web site and, although the complete report is only available to forum members, the summary has some good pointers for IT security professionals, Infosecurity notes.