In The Boardroom With...

Mr. James Heaton
Global Director of Identity Management
General Motors
Nasdaq:GM Thank you for joining us today, Jim. Please give us an overview of your background and a brief history of GM’s Identity Management Group.

Jim Heaton: After working my way up to being the first CIO for an international automotive parts supplier, I joined Oracle and then IBM, helping both launch their global automotive vertical consulting practices. From there I came to GM as the Director of Systems Integration for Manufacturing. Coming to GM was the realization of a dream for me as a hard core car guy. I have a passion for our products, and we have a lot of them to be proud of these days.

My current assignment is as GM’s first Global Director of Identity Management. Before I began this task, GM had some great people doing directory work around the world, but no single sanctioned Identity Management strategy with a team to span the company. Please give us an overview of GM ID solutions.

Jim Heaton: As a company that does business in over 200 countries around the world, GM has a large diversity of ID solutions that were built up over time. A major breakthrough for us was senior leadership approving a global strategy for unified identities within GM. We’ve been driving hard down that path, and more recently in linking all the good Single Sign On (SSO) work done in our different process areas into a more unified SSO experience for our users. What is your perspective on the market drivers for secure ID and authentication at this time.

Jim Heaton: Beyond the obvious regulatory compliance requirements, we see the push toward SSO driving easy-to-use but more secure credentials. At first glance experts often think these are diametrically opposed objectives, but large numbers of complex single factor credentials (think ID/password combinations) drive emergent behavior in users that can be far less secure than a solid, unified 2 or 3 factor solution. Are there one or two recent projects or success stories you’d like to talk about?

Jim Heaton: Getting agreement on a unified logon ID, as well as global common unique key for people using our systems was a major success. We are a long way toward rolling out those identifiers to hundreds of thousands people using GM systems, and we have hundreds of applications already adopting that common login. A major challenge though is to convince COTS vendors that the login identifier should not be the public ID for each user – it’s a factor of authentication, not a collaboration ID. Almost all of them use some kind of internal index to uniquely assign to identity records, but it can take some convincing to get them to open that up so we can have a common identity index across our systems. That index is a natural replacement for government identifiers in many situations. How do you see the transition from Government to commercial usage of biometrics for secure ID coming along?

Jim Heaton: Clearly we are in a phase where the commercial sector is looking for ways to adopt secure ID technologies. Government adoption has allowed these solutions to incubate and mature. Companies like GM are interested in these technologies now more seriously than when they were an order of magnitude more expensive. What resources such as White Papers and Case Studies are available for end-users on

Jim Heaton: Our focus at GM is on great cars and trucks, so the work we do in IT is always focused on enabling that. I will point to some of our vehicles and their interesting use of identity technologies as our inspiration. has information on some of these features. For passenger vehicles a great feature we have offered in many models for some time is driver customization and personalization. The vehicle stores your preferences for seat, mirror and pedal position, radio presets (including equalizer settings by station), volume when you were last in the vehicle, GPS favorite destinations, climate control settings, your name or greeting to display and many more settings. These are mapped to the wireless key fob and/or key used by the driver. In my last Cadillac STS, the vehicle would actually set these before I got into the vehicle without me touching a button (wirelessly from the fob), and would lock the door as I walked away. This combination of user friendliness and improved security is what we are after in IT when we are implementing new projects. Picture something as simple as remote start – what if my PC could start the login process for me as I was approaching (while still keeping the console locked), and be ready to go when I sat down? We understand that you will be speaking at the I-Pira Biometrics Series.
May we have an overview of the key subjects you’ll be addressing?

Jim Heaton: I’ll be talking about possible uses of fingerprint technologies that GM is interested in. We have some use cases that we think are generally applicable in the market.