Sponsor's Message - Abridean

Free eBook on User Management and Provisioning
Learn more about user management and provisioning from industry expert David
Kearns. Abridean and Realtimepublishers are offering a free ebook
"The Administrators Guide to User Management and
Provisioning".
The book provides critical
information and real-world examples for companies at any stage in
planning or deploying a user management and provisioning solution.
- An overview of user management and provisioning
- A vendor-neutral survey of technologies and techniques for user
  management and provisioning
- Advice on selecting the right administration techniques
- Technical implementation approaches and lessons learned
- The impact of important emerging standards
- Critical new regulatory requirements that must be met
  by certain organizations
To learn more about abridean's user
management and provisioning solution visit www.abridean.com
Register now for your free eBook
Dear Colleague,
Welcome to the latest issue of the DIM Report - bringing
you news and comment from the world of Identity Management.
After last issue's dearth of webinars, our cup
overfloweth this issue, so make sure you attend at least one
this month - there might be another shortage sometime soon.
However, the current whitepaper and article drought shows no
sign of ending, I'm afraid. If you spot one of these rare
beasts whilst sightseeing on the information superhighway,
please let me know.
Luckily, for anyone suffering from IdM knowledge deprivation,
we have two choice goodies from this issue's sponsors, abridean,
for your delectation. Not only have they provided an excellent
article on the subject of modular user management and provisioning,
but the second chapter of their esteemed eBook is now available
on their website - see the sponsor's column for details.
Regards,
Dave Nesbitt
Modular user management and provisioning
by Jeff Schultz, SVP of Marketing and Alliances, abridean
Identity management solutions are comprised of several critical
components: directory services, access management services,
authentication services, and user management and provisioning
services. The first three components have garnered much attention
in recent years; more recently, user management and provisioning
has emerged as a critical component that helps organizations
enforce security policies, meet new regulatory compliance
requirements, reduce costs, and ensure that users have access
to corporate resources.
The very reason user management and provisioning systems are
so valuable is also the reason organizations have difficulty
implementing them. A complete system involves setting and
enforcing policies for hundreds, if not thousands of different
applications, directories, and non-digital assets, most of
which are owned by different teams or business units, making
it hard to gain consensus on overall policies.
Then, you have the practical issues within today's IT departments.
Identity management has vaulted to the top of organization
priority lists, but at the same time IT budgets remain tight
and staffing remains low, making it difficult to embark on
large-scale projects. Additionally, most organizations have
already addressed some portion of identity management with
best-of-breed products that have been available for years
and meet specific needs. Today, organizations are hesitant
to deploy large scale systems - they want to reuse existing
technology and solve manageable problems with manageable solutions
within manageable timeframes.
Fortunately, user management and provisioning products built
using modern product architectures and emerging standards
make it easier for solutions to be designed modularly and
deployed by organizations in phases.
The benefits:
- Easier to choose best-of-breed products and components
- Mitigate project risk
- Quicker results
- Integration with legacy systems
- Overcome political challenges
Below are some key factors to consider when adopting a phased
approach to deploying a modular user management and provisioning
system:
Address the most critical business processes first
User management and provisioning solutions address several
critical business functions such as:
- Identity creation and maintenance
- Password management
- Group management
- Shared file management
- Compliance and reporting
- Entitlement management
The final solution should encompass all of these disciplines,
but they do not have to be implemented all at once.
A major manufacturer we worked with identified that
enabling end-users to manage group membership and easily request
group creation for distribution lists and file shares would
substantially reduce help desk costs and empower their users.
They chose to implement this function first, and then follow
on later with a solution to automate group membership assignment
and add more complex workflow. Once they are ready or identify
the need, they can easily round out their solution with password
management and entitlement management.
Modular products allow organizations to deploy the functions
they need, when they need them.
All applications are not created equal
Many user management and provisioning deployments are hindered
when organizations attempt to automate too many applications
at one time. Effective deployments prioritize application
rollout based on risk, complexity, and business need.
A major airline customer chose to automate the provisioning
of their email system before automating other applications
primarily because of the pervasiveness of email systems amongst
its users. Additionally, they found the risk associated with
not effectively enabling and more importantly disabling and
archiving email was too great. Other organizations view their
CRM and sales force automation systems as their most critical
applications.
By choosing to automate applications that are the most pervasive
and carry the highest potential risks first, organizations
can overcome the daunting challenge of supporting numerous
legacy applications and processes on day one.
One administration approach does not fit all
User management and provisioning systems enable organizations
to delegate identity administration to help desks and even
non-IT personnel, automate the process from an authoritative
source, or securely push tasks to end-users through self-service
portals. These approaches can dramatically improve the process
and reduce costs; however, one size does not fit all.
One of our customers, a major financial services firm, has
a central IT organization that serves multiple business units.
Each business unit has a different approach to administration: some
want very specific web-based forms to walk an administrator
through a tightly controlled process, others want to have
it completely hands-free from the HR system. All of them want
to have a centralized way to define and enforce overall policies,
regardless of administration approach, and have a central
location to access audit and compliance data.
Modularity makes it easier for user management solutions to
allow different departments and business units to customize
their processes and user interfaces while still conforming
to a unified set of policies and reporting capabilities.
Conclusion
Whether an organization is embarking on user management and
provisioning to lower costs, improve security, or meet compliance
regulations, the key to a successful project is to start with
the end in mind but implement and deploy in phases. Fortunately,
the products, technologies, and standards now exist to take
that approach.
Federated Identity at TechEd
Identity Management seems to be getting higher on
Microsoft's agenda. Following the successful launch of
Microsoft Identity Integration Server last year, Microsoft
used the platform provided by this year's TechEd conference to
demonstrate their credentials in the fast-growing federated ID
space, showing interoperable federated identity
management solutions based on the Web services architecture
(WS-*) with IBM, Netegrity, Oblix, OpenNetwork Technologies,
Ping Identity and RSA Security.
The WS-Federation
specification defines mechanisms to federate identity,
account, attribute, authentication and authorization in a
secure manner and is part of WS-*, the joint Microsoft and
IBM proposed specifications for web services security first
announced in April 2002. "Identity federation is the next
logical step for the advancement of secure Web services as
organizations need to connect securely to realize new business
opportunities at ever-increasing speed," said Joe Anthony,
program director of Integrated Identity Management, Tivoli
Software, IBM, in the Microsoft press release.
"Interoperability through WS-* and the delivery of identity
management software based on those standards is a real asset
to our customers as they build on-demand businesses."
The other vendors taking part in the demonstration
were also keen to show support for WS-* in their federated ID
products with Oblix, Netegrity, OpenNetwork, RSA and Ping
Identity all making separate press releases to mark the
occasion.
Microsoft Demonstrates Federated Identity
Netegrity and MaXware
Netegrity have had a busy couple of weeks. As
well as being one of the vendors to take part in the Microsoft
Federated ID demo at TechEd (see above), they gained a new CTO
and announced the latest release of their IdentityMinder
eProvision product. The new CTO, Vadim Lander, a former
senior software engineer who has been at Netegrity since 1996,
replaces Deepak Taneja, Netegrity's CTO for the past six
years. Taneja will be leaving Netegrity to pursue
entrepreneurial opportunities. The latest release of
IdentityMinder eProvision (the technology Netegrity acquired
when they purchased Business Layers) includes new features
such as enhanced workflow and simplified administration.
IdentityMinder eProvision 4.0 is expected to be available at
the end of June 2004.
Netegrity
MaXware too have been very busy, announcing a significant
customer upgrade and two important technology integration
achievements. First, they announced that the United States
Marine Corps (USMC) has upgraded to the MaXware Identity
Center, MaXware's provisioning solution, as part of an enterprise
license that the Marines purchased in 2003. Next, they announced
that Identity Center will integrate with Microsoft Identity
Integration Server 2003, Enterprise Edition (MIIS). "MaXware
provides additional features, such as robust workflow and
provisioning capabilities, to enhance an MIIS deployment,"
said Elizabeth Mann of Mycroft Inc in the MaXware press
release. Finally, they announced that the MaXware Data Synchronization
Engine (DSE), the company's solution for handling, synchronizing,
converting and joining any kind of data to and from any
type of data repository, has been certified "ca smart" with
eTrust Directory from Computer Associates International,
Inc. (CA).
MaXware
A Cornucopia of Webinars
First up is "A Blueprint for Secure Web Services
Management and Application Interactions", hosted by
Oblix and delivered by research firm Forrester and The
Hartford Financial Services Group. It's not strictly IdM I
know, but there is significant overlap between web services
and IdM, so I thought you might be interested anyway. The
presentation takes place on June 17, 2004 at 8:00 am PDT;
11:00 am EDT; 16:00 GMT.
Web Services @ Work: A Blueprint for Secure Web Services
Next, Netegrity are running a webinar
entitled "How to securely manage access rights throughout the
employee lifecycle with Identity Management". According to the
Netegrity website, 'The biggest threat to the security of an
organisation is within' and this webinar will discuss how to
securely manage access rights throughout the employee
lifecycle with Identity Management. The presentation takes
place on Thursday, June 24th at 2:00pm BST, 3:00 CET.
Access rights throughout the employee lifecycle
Courion are running a webinar on June 15, 2004
at 11:30 - 12:30pm EST. Entitled "The Adaptive Enterprise:
Where Business and IT Meet", it features Val Sribar, Senior
Vice President & Director of analyst firm META Group.
Issues to be discussed include: how to align your information
security best practices with business process and policy; how
identity management supports a broader risk management and
corporate governance strategy; how to accelerate the time to
business value with self-service identity management.
Adaptive Enterprise: Where Business and IT Meet
Following
their bold leap into the Federated ID lake, RSA are
hosting a webinar on that topic, featuring a case study from
Nationwide Financial who have implemented cross-company single
sign-on using SAML. The webinar takes place on June 9, 2004 at
2:00PM EST.
Case Study: Federated Identity at Nationwide Financial
News In Brief
Sun Doubles Down on Identity Management: During its second
quarterly Network Computer '04 launch, Sun announced a
comprehensive set of products and alliances to power its
position in the $4 billion* identity management market. The
new Sun identity management product line includes: the Sun
Java(TM) System Identity Manager, the Sun Java System Access
Manager and the Sun Java System Directory Server Enterprise
Edition. In addition, Sun has established relationships with
Deloitte & Touche LLP and PricewaterhouseCoopers to
support the deployment of these new identity management
products.
Novell Reports Financial Results for Second Fiscal Quarter 2004:
Novell announced financial results for its second fiscal
quarter ended April 30, 2004. For the quarter, Novell reported
revenues of $294 million, compared to revenues of $276 million
for the second fiscal quarter 2003. Net income in the second
fiscal quarter 2004 was $10 million. The net loss available to
common shareholders was $0.04 loss per share, compared to a
net loss of $29 million, or $0.08 loss per share, for the
second fiscal quarter 2003.
Computer Associates Reports Q4, Full Fiscal 2004 Results and Provides
Guidance for 2005: Computer Associates announced financial
results for its fourth quarter and fiscal year ended March 31,
2004, and provided revenue and earnings per share guidance for
the first quarter and fiscal year 2005. Total revenue for 2004
increased 8 percent over 2003 to $3.28 billion and the GAAP
full-year loss from continuing operations is $0.06 per share.
RSA Security Wins Multiple Awards For Best Two-Factor
Authentication Solution: RSA Security announced that its
RSA SecurID two-factor authentication was honored with the SC
Magazine 2004 Global Award as the "Best Small Business
Security Solution." In addition, the RSA SecurID for
Microsoft® Windows® solution was given a 2004 Readers Choice
Award by Windows Server System Magazine in the user
authentication category.
RSA Conference, Europe 2004: 3rd - 5th November: Organisers of
the RSA Conference in Europe announced details of the
confirmed programme for this year's event, which is taking
place on 3rd - 5th November at the Princesa Sofia Hotel in
Barcelona, Spain.
Liberty Alliance Outlines Framework to Support Federated Web
Services: Liberty Alliance, the global consortium
developing an open federated identity standard and business
tools for implementing identity-based services, today released
an overview of its Identity Web Services Framework (ID-WSF)
and how it is adapted to general Web services development.
Responding to strong industry interest in ID-WSF, released
publicly in April 2003 and finalized in November 2003, Liberty
Alliance has created this document to help interested parties
quickly understand the benefits of Liberty's web services
framework.
ActivCard Appoints Ben C. Barnes As Chief Executive Officer:
ActivCard announced the appointment of Ben C. Barnes as Chief
Executive Officer, commencing May 31, 2004. Mr. Barnes was
also elected to serve on the Company's Board of Directors.