The Burlington Northern and Santa Fe Railway (BNSF) was having an identity crisis. Make that an identity management crisis.
The trains ran on time, but managing user accounts for 40,000 employees scattered around the country was falling behind schedule. Accounts on every system, from mainframes to Windows NT, had to be administered separately by IT staff trained in that particular platform.
"It was cumbersome, it was inefficient, and there were security risks," recalls Rick Perry, the railroad's director of enterprise operations and security.
BNSF is one of thousands of organizations struggling with identity management, a concept that describes both a technological challenge and a category of solutions involving distributed access control, authentication and authorization.
This is the story of four of those organizations: BNSF, the U.S. Department of Defense, Lufthansa airlines and the state of North Carolina. While all four are tackling the identity management problem head on, each defines the challenge differently, using a different set of ID management tools.