Enterprise Identity Management

What’s in it for Organisations?
  • Denis Royer
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 262)


When introducing enterprise identity management systems (EIMS), organisations have to face various costs for the planning, the implementation, and the operation of such systems. Besides the technological issues, it is important that organisational aspects are incorporated into the development of an enterprise identity management (EIdM) solution as well. Indeed, without a proper assessment of the costs and the organisational settings (e.g. stakeholders, processes), companies will not see the benefit for introducing EIdM into their IT infrastructure and their business processes. This paper proposes initial ideas for a generic approach for assessing the value of investing in the introduction of EIMS (Type 1 IMS), which can be used for decision support purposes and the planning phase. Furthermore, the organisational aspects are discussed and possible solutions for integrating all relevant parties into the planning process are presented.


Strategic Goal Organisational Aspect Balance Scorecard Security Investment Access Permission 


  1. 1.
    Bauer, M., Meints, M. and Hansen, M., Deliverable D3.1: Structured Overview on Prototypes and Concepts of Identity Management Systems (FIDIS, 2005).Google Scholar
  2. 2.
    Berghel, H., The Two Sides of ROI: Return on Investment vs. Risk of Incarceration, Communications of the ACM, 48(4), pp. 15–20 (2005).CrossRefGoogle Scholar
  3. 3.
    Blohm, H. and Lüder, K., Investition, Schwachstellenanalyse des Investitionsbereichs und Investitionsrechnung (Vahlen, Munich, 1995).Google Scholar
  4. 4.
    Brynjolfsson, E., The Productivity Paradox of Information Technology, Communications of the ACM, 36(12), pp. 67–77 (1993).CrossRefGoogle Scholar
  5. 5.
    Cavusoglu, H., Mishra, B. and Raghunathan, S., A Model for Evaluating IT Security Investments, Communications of the ACM 47(7), pp. 87–92 (2004).CrossRefGoogle Scholar
  6. 6.
    Deron GmbH, Identity Management Studie 2006/2007 (Deron, Stuttgart, 2007).Google Scholar
  7. 7.
    Dewey, B. I. and DeBlois, P. B., Current Issues Survey Report 2007, EDUCAUSE Quarterly, 30(2), pp. 12–31 (2007).Google Scholar
  8. 8.
    Dos Santos, B. L. and Sussman, L., Improving the return on IT investment: the productivity paradox, International Journal of Information Management, 20(6), pp. 429–440 (2000).CrossRefGoogle Scholar
  9. 9.
    Flynn, M. J. (2007); http://360tek.blogspot.com/2006/07/enterprise-identity-services.html, accessed 27th of September 2007.Google Scholar
  10. 10.
    Franklin, C. J., The ABCs of ROI, Network Computing, 27th of April, pp. 93-95 (2002).Google Scholar
  11. 11.
    Geschka, H. and Hammer, R., Die Szenario Technik in der strategischen Unternehmensplanung, in: Strategische Unternehmensplanung — strategische Unternehmensfuhrung, edited by Hahn, D. and Taylor, B. (Physica, Heidelberg, 1997), pp. 464–489.CrossRefGoogle Scholar
  12. 12.
    Hansen, M. and Meints, M., Digitale Identitäten — Überblick und aktuelle Trends, Datenschutz und Datensicherheit (DuD), 30(9), pp. 571–575 (2006).CrossRefGoogle Scholar
  13. 13.
    Hevner, A. R., March, S. T. and Park, J., Design Science in Information Systems Research, MIS Quarterly, 28(1), pp. 75–105 (2004).Google Scholar
  14. 14.
    Jonen, A. et al., Balanced IT-Decision-Card, Ein Instrument für das Investitionscontrolling von IT-Projekten, Wirtschaftsinformatik, 46(3), pp. 196–203 (2004).CrossRefGoogle Scholar
  15. 15.
    Kaplan, R. S. and Norton, D. P., The Balanced Scorecard. Translating Strategy into Action (Random House, Boston, 1996).Google Scholar
  16. 16.
    Lee, A. S., Integrating Positivist and Interpretive Approaches to Organizational Research, Organisational Science, 4(2), pp. 342–365 (1991).CrossRefGoogle Scholar
  17. 17.
    Magnusson, C., Molvidsson, J. and Zetterqvist, S., Value Creation and Return On Security Investmensts (ROSI), in: IFIP SEC 2007: New Approaches for Security, Privacy and Trust in Complex Environments, edited by Venter, H. et al. (Springer, Boston, 2007), pp. 25–35.CrossRefGoogle Scholar
  18. 18.
    May, T. A., The death of ROI: re-thinking IT value measurement, Information Management & Computer Security, 5(3), pp. 90–92 (1997).CrossRefGoogle Scholar
  19. 19.
    Pisello, T., Return on Investment for Information Technology Providers (Information Economics Press, New Canaan, 2001).Google Scholar
  20. 20.
    Potthof, I., Kosten und Nutzen der Informationsverarbeitung: Analyse und Beurteilung von Investitionsentscheidungen (DUV/Gabler, Wiesbaden, 1998).CrossRefMATHGoogle Scholar
  21. 21.
    Purser, S. A., Improving the ROI of the security management process, 23(6), pp. 542–546 (2004).Google Scholar
  22. 22.
    Rossnagel, H. and Royer, D., Investing in Security Solutions — Can Qualified Electronic Signatures be Profitable for Mobile Operators, Proceedings of the 11th Americas Conference on Information Systems (AMCIS), Omaha, Nebraska (2005).Google Scholar
  23. 23.
    Schmeh, K. and Uebelacker, H. (2006); http://www.heise.de/tp/r4/artikel/18/18954/1.html accessed 22.10.2007.Google Scholar
  24. 24.
    Solingen, R. v., Measuring the ROI of Software Process Improvement, IEEE Software, 21(3), pp. 32–38 (2004).CrossRefGoogle Scholar
  25. 25.
    Sonnenreich, W., Albanese, J. and Stout, B., Return On Security Investment (ROSI) — A Practical Quantitative Model, Journal of Research and Practice in Information Technology, 38(1), pp. 45–56 (2006).Google Scholar
  26. 26.
    Wan, Z., Fang, Y. and Wade, M., A Ten-Year Odyssey of the “IS Productivity Paradox” — A Citation Analysis (1996–2006), Proceedings of the 13th Americas Conference on Information Systems (AMCIS), Keystone, Colorado (2007).Google Scholar
  27. 27.
    Windley, P. J., Digital Identity (O’Reilly, Sebastopol et al., 2005).MATHGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Denis Royer
    • 1
  1. 1.Institute of Business InformaticsJohann Wolfgang Goethe University FrankfurtGermany

Personalised recommendations