Like many telcos, Telstra was hugely busy during the dotcom bubble, releasing products and services onto the market. The company's exertions doubtless appeased Telstra customers clamouring for everything new and sexy under the sun, but they have produced some nasty headaches for Telstra further down the track.
The trouble is that since each of those products and services was developed in isolation, customers across all segments - consumer, SME and corporate - quickly ended up having to maintain numbers of different credentials to verify their identity. So while Telstra has built some excellent functionality that is now being developed internationally, it is paying well over the odds in support costs.
"From an industry perspective, we want to make sure that we embrace whatever standards that our customers demand of us, and it makes it very hard when you have a point solution,"says general manager technology in broadband and online services Mick Noonan. "Our customers have many complex interactions with us right across the business, and what they expect when they deal with Telstra is that we recognise them as the one customer, regardless of whether they've rung up our front of house to enquire about their bill, or if they've connected online to make some other query,"Noonan says. Identity management is thus critical in determining the Telstra customer experience.
To address the problem, Telstra over the past couple of years has been intensely focused on establishing a common customer access and identity infrastructure to allow it to manage customer access consistently. It's a long, hard haul - much harder than the team ever imagined it would be at the start - but Noonan has no doubt it is a path that Telstra must take. He says larger companies in particular must take a corporate view, and look at strongly encouraging the use of common identity infrastructure across the whole company. "It's very easy for different parts of the company to tend to go their own way, but I think for most companies, a key asset is understanding their customer and all of their interactions with their company. If that information is fragmented it's hard to accomplish that."
Identity management is becoming a major issue for leading organisations. A host of vendors are out there offering - mostly incompatible - solutions designed to ensure systems can be made more secure through the introduction of much more rigorous controls. But that in itself is not going to make life any easier for CIOs forced to wade through the morass of competing claims and counter-claims about the benefits of each in search of the optimum solution. And the complications go beyond trying to weigh the benefits of biometric solutions against digital solutions at a time when many of those biometric solutions seem vulnerable to hacking. Since anything can have an identity and be forced to authenticate at different levels, such that even a piece of code can be made to require an extra password before it executes, it is clear there is nothing simple about managing identity.
The need to get it right is critical. Research firm Gartner lists identity management/provisioning as one of the top three issues security groups should address quickly, not to mention the area with the best ROI potential. The problems arise because traditional IT infrastructures are not based around users but upon hardware or applications. As a result, many organisations are in the Telstra boat of having to give each employee or customer separate access to each application or database appropriate to their needs - each of which comes with its security system, its own set of information about authorised users and its own management interface.
Organisations see identity management solutions that place the user at the centre of the enterprise infrastructure as the answer. That way new employees or customers just need to be added to a single system to gain dynamic access to every application they need, according to identity. The fastest steps forward are coming from those technologies enabling that centralised management - the directory vendors.
As Bloor Research notes: "What they are selling is the peace of mind that comes from knowing that all of the access controls are managed within a single place and that, as long as the directory is not breached, the IT infrastructure should be secure. The security of that central directory is easier to manage - because there is only one - and it will also deliver all those nice user features that we want: single sign-on, desktop lockdown, automated software distribution and so on."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.