There is an article in WebSphere Journal by Tony Nadalin, IBM's Chief of Security Architecture. This Q&A addresses how companies can protect their mission-critical data while connecting with external business partners.
Here is an excerpt:
"...What Steps Should Organizations Take to Implement a Consistent Identity Management Strategy?
An important dimension of the solution is its incremental implementation; the specific order depends on your organizational needs. The three steps to this are to 1) assess the needs of your organization, 2) identify security policies like who gets access to specific data and who controls certain access points, and 3) establish a business case and run the ROI figures. When you consider that help desk personnel currently spend up to 30% of their time resetting passwords, man-hours saved can be huge.
Let's Say You Want to Expand Security Policies to a New Web Service You Are Deploying. What Do You Need to Keep in Mind as Some Unique Characteristics of This Type of Environment?
You need to make sure different applications can access and share information across systems. And the way you do this is by implementing an autonomic identity management strategy that takes advantage of open standards and APIs.
By using an open standard like J2EE, network administrators are able to extract security policies directly from an application, user profile, or data stream. It takes this directly from the packet container and centralizes this information where it can be accessed by a security administrator via an access management solution..."