Royal Dutch Shell Plc  .com Rotating Header Image


Posted by “IT4me”
on Nov 8th, 2009 at 11:18 am


One of the more intriguing IT projects running at the moment is “IAM” – IDENTITY and ACCESS MANAGEMENT. Shell has always had poor quality ‘people’ records. Identity Theft is all around us. So an idea now exercising senior minds is that that “Corporate Identity Theft” could become a reality.

Far-fetched? Remember that computer viruses started in science fiction. Many Shell people now work from home and never meet anyone face-to-face. Some have never even met their bosses. So “IAM” sounds like an idea whose time has come, and is perhaps even overdue. Could this even be chance to enforce a set of standards on ALL Shell systems ? Even those that persistently ignore them?

Reader, how did you know I was talking about SAP? And what have they done this time?

The “I” in IAM is for IDENTITY. Every new Shell SAP system creates its ‘people’ records from scratch. SAP is foreign to Windows, so its reconciliations with Active Directory (Who’s Who) are occasional and half-hearted, like 3rd world crackdowns on crime. Open SHELL PEOPLE and you see hundreds of identity errors. Open GSAP and you see sales figures for reps who left months ago. Escalate either and you are a troublemaker. Shell/SAP culture institutionalises poor data quality and low diligence. Nobody cares.

The “A” is for ACCESS MANAGEMENT. Walk into any Shell office with a laptop purchased 45 minutes earlier and you can access live SAP servers without a SMARTCARD.

This arises because:

(i) Network security is turned off to allow Global Roaming, allowing foreign laptops in.
(ii) Smartcard protection itself only covers Windows systems.
(iii) The Shell/SAP community are ‘above the law’.

There is still a significant password barrier to overcome, but security standards the Group claims compliance with deem this insufficient. What’s more, this security hole has been there for the best part of a decade, known about and ignored. What we have instead is a ban on foreign laptops, effectively a sign on the chicken coop saying “No Foxes Please”.

Conclusions ? I would suggest that IAM is a good idea provided no SAP technology is involved because in Shell’s hands, it’s sloppy, insecure and ruinously expensive. And errm, guess what… and its also non-profit sister websites,,,,, and are all owned by John Donovan. There is also a Wikipedia article.


Leave a Comment

%d bloggers like this: