Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Draining the Swamp written by Patrick Foley

Patrick Foley

After a career path that wound through journalism, secondary school administration and coaching, Pat Foley, while managing several customer service groups in Harvard University’s financial administration, began an increasing involvement in solving business challenges by linking extended technology with better transparency of business intelligence and enhanced operational processes. Several positions managing and implementing enterprise technology projects followed until he became the Program Manager for Fidelity Investments’ fledgling identity management program in 1999.

Armed with a management mandate to deploy a universal identifier, Pat worked closely with a small, talented technical team and a large number of initially bemused business stakeholders to extend the CorpID program across Fidelity’s global reach and in three years had provided the “one number that does it all” for the widely distributed and diversified financial services firm.

Once CorpID was fully deployed, Pat became, first, the Principal Information Security Risk Analyst and later, Technical Risk Advisor for FMR Co., Fidelity’s investment arm. In these roles, Pat conceived, designed, documented and oversaw the delivery of an integrated access control tool called ARROW that combined fine-grained authorization for Web and fat client applications, databases and an AS400. ARROW enabled on-line access certifications, collected resource metadata and managed the company’s RBAC program.

After leaving Fidelity in 2006, Pat worked briefly in Symantec Corporation’s consulting group before becoming Senior Manager of Access Control and Risk Assessment at Starwood Hotels and Resorts Worldwide where he was involved in securing SOA deployments, identity management, data protection, and application and vendor risk assessments. He is now Director of Global Technology Compliance for Starwood and Program Manager of the Payment Card Industry (PCI) technology remediation program currently underway there.

Pat, his wife, Judi, and daughter, Micaela, live in Milton, MA, near Boston.

The Final Step in a Homegrown IDM Solution (pt. 3) - So, let’s start hammering

– To recap briefly, we have identified and analyzed all our primary sources of user data and the system and service providers who consume those data.  We have funding, developers, and a project plan to follow.  We understand our provisioning process, have identified or built a directory of user…

In the Workshop (pt. 2) - Building an Identity Management Solution

– When last in the workshop to build our own identity management system we laid the groundwork for a solution by identifying and analyzing our organization’s sourcing, staffing and human resources systems.  Now that we know where our subjects originate and what attributes are available for them,…

Visit to the Workshop: A Do It Yourself Identity Management Solution (IdM)

– One constraint to implementing third-party identity management solutions is cost. Once the moneychangers see the quote, particularly alongside the deployment timeline, the project is likely exiled to some corporate gulag of no return. Since you will need to conduct significant analysis,…

Building an Access Control Framework (pt. 1)

– From what I have seen of Identity Management tools, they are more about management than identity, which is fine, once you have solved the challenge of effectively identifying all the users of your sensitive data. But, slick as they can be, an IdM tool may only automate your existing…

Building an Access Review Compliance Framework

– One of the major selling points for IDM vendors is that their tools will simplify your access review process. In my experience and from what I have seen offered by several of the major IDM vendors, the significant investment you would make in IDM technology, you might likely do nothing more than…