CIO Kevin Sparks of Blue Cross and Blue Shield of Kansas City had three goals when he began deploying software for identity and access management (IAM): to simplify access to key systems and records for employees and external customers, to make that access "bulletproof" from a security standpoint, and to lighten the load of IT administrators and help desk managers.
The project hasn't been easy or cheap. The HMO has spent between $500,000 and $1 million and approximately three years on its IAM deployment. Sparks attributes at least some of that cost and time to "jumping in at the deep end of the privacy pool": that is, attempting to set up a complex automated user provisioning system without "getting our house in order first." That meant performing various housecleaning tasks such as defining or redefining business processes, getting the Active Directory (AD) schema in order, and cleaning up the HR database.
This was first published in November 2006