Royal Dutch Shell Plc  .com Rotating Header Image


Posted by “IT4me”
on Nov 8th, 2009 at 11:18 am


One of the more intriguing IT projects running at the moment is “IAM” – IDENTITY and ACCESS MANAGEMENT. Shell has always had poor quality ‘people’ records. Identity Theft is all around us. So an idea now exercising senior minds is that that “Corporate Identity Theft” could become a reality.

Far-fetched? Remember that computer viruses started in science fiction. Many Shell people now work from home and never meet anyone face-to-face. Some have never even met their bosses. So “IAM” sounds like an idea whose time has come, and is perhaps even overdue. Could this even be chance to enforce a set of standards on ALL Shell systems ? Even those that persistently ignore them?

Reader, how did you know I was talking about SAP? And what have they done this time?

The “I” in IAM is for IDENTITY. Every new Shell SAP system creates its ‘people’ records from scratch. SAP is foreign to Windows, so its reconciliations with Active Directory (Who’s Who) are occasional and half-hearted, like 3rd world crackdowns on crime. Open SHELL PEOPLE and you see hundreds of identity errors. Open GSAP and you see sales figures for reps who left months ago. Escalate either and you are a troublemaker. Shell/SAP culture institutionalises poor data quality and low diligence. Nobody cares.

The “A” is for ACCESS MANAGEMENT. Walk into any Shell office with a laptop purchased 45 minutes earlier and you can access live SAP servers without a SMARTCARD.

This arises because:

(i) Network security is turned off to allow Global Roaming, allowing foreign laptops in.
(ii) Smartcard protection itself only covers Windows systems.
(iii) The Shell/SAP community are ‘above the law’.

There is still a significant password barrier to overcome, but security standards the Group claims compliance with deem this insufficient. What’s more, this security hole has been there for the best part of a decade, known about and ignored. What we have instead is a ban on foreign laptops, effectively a sign on the chicken coop saying “No Foxes Please”.

Conclusions ? I would suggest that IAM is a good idea provided no SAP technology is involved because in Shell’s hands, it’s sloppy, insecure and ruinously expensive. And errm, guess what… and its sister non-profit websites,,,,,, and are owned by John Donovan. There is also a Wikipedia feature.


Leave a Comment

Comment Rules

  • Please show respect to the opinions of others no matter how seemingly far-fetched.
  • Abusive, foul language, and/or divisive comments may be deleted without notice.
  • Each blog member is allowed limited comments, as displayed above the comment box.
  • Comments must be limited to the number of words displayed above the comment box.
  • Please limit one comment after any comment posted per post.

%d bloggers like this: