Lessons from Pfizer's ID management effort

Pfizer’s move to integrated ID management came with more than a few hard-won lessons. For CIOs contemplating ID management overhauls or smart card projects, Scott Potter, Pfizer’s senior director for worldwide business technology, and Leslie Holbrook, director for worldwide business technology, have five key suggestions.

1. Understand your business case, cold. “This is the only bleeding-edge technology project [that I’ve worked on] that I felt had an iron-clad business case,” Holbrook says. “We had a hard business reason to push this.”

2. Build “as flexible a platform as you can afford,” Holbrook says. Don’t skimp on memory or chips. Pfizer is seeing the ability to add Java applets to its cards pay off—for example, with a new biometrics application, she says. “Blow it out,” she says, meaning leave room on the smart cards for unanticipated uses. You don’t want to have to go out and redeploy cards after a short time.

3. Leave plenty of time to craft your policies around certificates and passwords. Pfizer had to deal with a multitude of questions around passwords, reset times and the like. The technology was ready before the policy. “Our digital signature policy had about 100 authors,” Holbrook says. “I’m not sure how long it is but it’s a sure cure for insomnia.” You’ll also have to decide who’ll own the policy when it’s done, and it may not have a natural home, she adds. At Pfizer, human resources, risk management and internal audit groups own the policy.

4. Strike “a tight partnership with legal from the start,” Holbrook says. “It’s really crucial.” Also, bring in outside help to give your IT and legal staff advice on the bleeding-edge issues.
“We were able to tap into some consulting resources,” Holbrook says, to gain people with experience with the financial and legal issues relating to digital credentials. In one example, Pfizer had to confirm precisely what kinds of digital signature policies need to be attached to its lab research notebooks.

5. Make sure the IT people on the project are flexible. “Being on the bleeding edge always hurts a little,” Holbrook says. “You need a team that can roll with the punches. There’s no solution for this. There’s no standard API. It’s just not standard development work.”