Sample Paper on Identifying Management Challenges in IT

Identity Management Challenges

Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today. While an enterprise may be able to leverage several cloud-computing services without a good identity and access management strategy, in the end extending an organization’s identity services into the cloud is a prerequisite for strategic use of on-demand computing services. Establishing a user-centric identity management infrastructure will allow user the ability to quickly determine what information is revealed to which parties and for what purposes, how trustworthy those parties are and how they will handle the information, and what the consequences of sharing their information will be. For example, identities may be associated with human resources hiring and firing, new or changing partner and contractor relationships, or new servers or applications being setup. (Kumaraswamy, Lakshminarayanan, Stein, & Wilson, 2010).

There have been many reasons supporting the reluctance for many organizations progress towards effective identity management. Organizations continue struggling to keep digital identities parallel with reality of enterprises despite having more automation available to provision users of the applications and other resources (Kumaraswamy et al, 2010). Among the most challenging identity management issues includes:


Despite its magnitude being among the most challenging identity management issue, complexity does not necessarily have to do with the technology or software from suppliers. It is caused by complexity of IT, which has increased tremendously in the contemporary world. The number of applications has increased and there are various applications and resources that workers can access (Kumaraswamy et al, 2010). For stance, there are those applications that are allowed for on-premises or others like software as a service which are based on cloud architectures. The increasing complexities of IT are clear indications that management identity issues could be getting worse. There are high numbers of employees who have access to the system and carry out critical roles of organization including moving systems to the cloud, which add to complexities of their roles in organization (Smith, & McKeen, 2011).

Organization fails when matching employee’s roles and expectations with the level of information access and resources. To the new employees who are being hired, access level should be granted gradually as workers gain experience and organization knowledge. New recruits should not be given equal access level with highly experienced staffs in the organization since they have accumulated privileges accompanying administration right over time. Although it is so involving and time consuming, management should play a vital role in ensuring every employee has a job description describing their positions. These job descriptions are ought to identify employees authority, duties and deliverable. Role based identity is vital when solving complex identity management issues in the organization (Smith, & McKeen, 2011).

User authentication gone bad

Good authentication of the user is a major component that plays vital role in successful identity management. Up to date, many companies have been using combination of passwords and user name to carefully examine the access and control authorization. There have been major attacks, which have proven that passwords and username have been insufficient tools to use when identifying users. For instance, LinkedIn which is a social media network has experienced an attack through unauthorized access to organization’s information. This scenario is an indication of authentication failure and becoming unreliable to control organization access to account resources and data hence, a challenge of identity management (Stuart, Ashforth, & Dutton, 2000). There are also some user accounts that do not have a clear owner such that it is hard to identify it with a specific employee. These accounts could be having minimal applications that are not frequently used in the organizations. There are many stronger authentication techniques that are proven viable in the market. The major challenge being cost and complexity of application; as a result, these authentication techniques have failed to penetrate to the market (Stuart et al, 2000).

During termination of employee’s contracts or leaving employment, there is a need to remove their security privileges concerning the username and passwords to access company information. If an organization fails to deactivate the accessing rights of employees who leave from employment completely and in timely basis, they could be accessing organization sensitive data either themselves or intruders impersonating using their identity. This could cause security threat to company confidential information or exposing organization strategies to competitors. Deactivation of the user account in the system could additionally include revoking their access rights (Gordon, & Barber, 2009).

Treating identity management as a project

Many management levels of the organization underestimate the essence of a convenient and feasible identity management. This becomes major challenge of identity management since it is difficult to convince the executive implement them in the organizations. Majority of leaders lacks what it takes to implement identity management programs, which help in gaining full understanding of how employees operate and this assist in building up IT processes that would reflect the authenticity. As a result, this becomes a major challenge since management does not treat identity management as a concern when allocating funds to other projects in the organization (Gordon, & Barber, 2009).




Ashforth, B. E., Harrison, S. H., & Corley, K. G. (2008). Identification in organizations: An examination of four fundamental questions. Journal of management, 34(3), 325-374.

Gordon, G. R., & Barber, S. (2009). Global ID Management: Addressing global ID management challenges. Computer Fraud & Security, 20097-10. doi:10.1016/S1361-3723(09)70072-7

Kumaraswamy, S., Lakshminarayanan, S., Stein, M. R. J., & Wilson, Y. (2010). Domain 12: Guidance for identity & access management v2. 1. Cloud Security Alliance. Online: http://www. cloudsecurityalliance. org/guidance/csaguide-dom12-v2, 10.

Smith, H. A., & McKeen, J. D. (2011). The Identity Management Challenge. Communications of The Association for Information Systems, 28169-180.

Stuart, A., Ashforth, B. E., & Dutton, J. E. (2000). Organizational identity and identification: Charting new waters and building new bridges. Academy of Management. The Academy of Management Review, 25(1), 13.