IT’S NEVER EASY being an early adopter. When I got into the business over 25 years ago, we custom-wrote all our own applications. You name it, we wrote it – order management, general ledger, fixed assets logistics. There were no off-the-shelf solutions like today. Back then, you’d design them, write them and support them on your own.

Eventually, companies like SAP, Oracle and PeopleSoft took over the business applications market with standard, powerful, interoperable, off-the-shelf solutions. Today, writing your own general ledger system is pretty much unheard of, or just plain crazy.

But this move to more custom development standards solutions continues to repeat itself. One area currently in this transition phase is identity and access management (I&AM) — a hot button for many CIOs. Aparticularly challenging subset of I&AM is federated identity management (FIM). Essentially, FIM tries to determine how you can leverage digital identities and credentials among companies, partners and customers. Oh, and while you’re at it, do it in a secure, non proprietary, standardsbased and scaleable way.

As you’ll see from this issue of Vantage, FIM can deliver many benefits to your business, most of them focused on the most important areas: brand loyalty, operational efficiency, enhanced customer experience and closer connections with your partners and customers.

To be sure, this is still a new generation of software, promising to weave the Internet together in unprecedented ways and with broad cost benefits — but with a fair share of pitfalls. What CIOs should remember, however, is that real companies (both large and small) are doing real things with these standards today.

A picture of early FIM adopters has emerged. The most aggressive adopters are financial services companies. They are using these standards to seamlessly move digital identities and their associated authentication and authorization credentials among their various divisions and lines of business or with their business partners. For example, a bank with a strong online presence may not provide insurance products, but could greatly benefit from the ability to seamlessly hand a customer off to an underwriting partner that will trust the ID credentials that the bank provides.

Manufacturing is also hot on the trail. Heavy dependence on supply-chain management and just-in-time manufacturing make the automotive industry an excellent early adopter. The ability to enable the MRP systems of, say, Ford, General Motors or DaimlerChrysler to transparently exchange purchasing and fulfillment transactions with their suppliers brings obvious operational efficiencies.

Other early-adopter stories are coming in from a variety of industries — telecom, defense, education, government and even the more challenging consumer market. As you would expect, many of these pioneers start with FIM deployments inside their own enterprises but quickly extend them to support trusted channel partners and suppliers. What makes it easier for today’s early adopters is the emergence of a strong set of standards. The big ones include SAML/Liberty and WS-Federation. RSA Security has played a leading role in defining many of these important standards. They enable the loose coupling of systems to avoid the proprietary, inflexible solutions of the past.

The encouraging feedback from early adopters bodes well for the long-term viability of the FIM model. One of the most tangible benefits for many of these companies has been cost savings via reduced calls to the helpdesk. More seamless and transparent management of identities via web-based and enterprise single sign-on (SSO) means fewer password resets and helpdesk calls.

But a word to the wise: start small and build from there. Early success builds momentum, demonstrates value, and allows for learning and refinement prior to larger deployment. The standards continue to evolve and develop, so stay flexible.

What’s more, go into it with your eyes open to issues around legal agreements, contracts and intellectual property. In a lot of respects the business issues can be tougher than the technical issues.

But, then again, all of this will be a whole lot easier then writing your own general ledger system, won’t it?