Who are you and what are you doing on my network?
It’s a question at the heart of security, and yet a number of organizations still haven’t battened down the hatches to make their networks completely protected.
But as organizations increasingly plug in wireless LANs and let partners and customers connect to their systems, identity and access management (IAM) will become vital for survival. For these reasons alone it’s important that organizations regularly review their IAM strategies.
In addition, there are some recent technology-related reasons as well.
What could be a seismic event in the pedestrian world of identity and access management took place this spring when Hewlett-Packard got out of the business. One might think that IAM was the perfect fit for HP and its network management applications. After all, competitors with network management suites such as IBM (through its Tivoli division), CA, and Sun Microsystems fuse identity management with their applications.
But just over four years after getting into the business through an acquisition, HP sold its Identity Centre line to Novell, which is now eagerly trying to migrate those customers to its Identity Manager, Access Manager and Sentinel products. No doubt, if you’re an Identity Centre user, IAM competitors have been knocking on your door with tempting offers, trying for a piece of that business.
Also this spring Hitachi Ltd. quietly snapped up majority control of Calgary identity management software maker M-Tech Information Technology. Now called Hitachi ID Systems, it will be encouraging Hitachi customers to shift to the company’s P-Synch password management and ID-Synch user provisioning software.
Just as this article was being finished, CA bought IDFocus LLC, which makes the ACE entitlement management application. It will be rebranded and sold as part of CA’s Identity Management software line.
Get ready for more consolidation among IAM companies, warns Perry Carpenter, a research director in Gartner’s information security and privacy group. “It’s significant that a company as large as HP would pull out of that market,” he observes. “They were considered a market leader.”
Because of the increased potential your supplier will disappear, Gartner warns organizations to ensure licence agreements with vendors at least address the possibility of mergers or acquisitions, including early-out and discount clauses.
Beyond M&A activity, there are other recent activities to watch. There’s no shortage of standards out there for securely exchanging identity information across networks, none of which has seen universal acceptance. Another one, called Information Cards and promoted by Microsoft, Novell, Nortel, VeriSign and others, has emerged and is worth keeping an eye on.
Under this approach, individuals could hold many digital cards, which would let them be authenticated on multiple Web sites without maintaining a password for each site. Last month the open-standards consortium OASIS formed an identity metasystem interoperability technical committee to develop the concept.
Another emerging technology that meets the compliance demand of knowing who is going where on internal networks is the move to make networks identity-aware. It’s what Gartner analyst Lawrence Orans calls “the intersection of network access control and identity and access management.”
Pushed by veteran network suppliers as well as startups such as Applied Identity and AEP Networks, the technology takes three approaches: deep packet inspection (backed by Nevis Networks and Enterasys, among others); tagging packets with identity data, on which an identity firewall can then enforce policy (Cisco’s TrustSec approach); and putting a role-based certificate that lists permitted activities on every end point (Microsoft’s IPsec-based solution, called server and domain isolation). These solutions can put a strain on today’s networks, Orans points out, but he believes the concept will spread as the cost comes down.
Before getting to that point organizations have to take stock of where they are now. Those managing user identities through a spreadsheet need to at least invest in a directory, says James Quin, an analyst at Info-Tech Research of London, Ont. All-Microsoft shops should at least be using Active Directory, he says, which for many organizations can be enough.
Those wanting to take IAM seriously should be using not only a directory but also role-based management software, which makes provisioning easier by assigning staffers pre-defined roles that carry the permissions needed to log on to various data stores. Look for features that automatically change a staffer’s role on promotion and delete their entries when they leave the company. Ross Chevalier, president and CTO of Novell Canada, says some studies suggest as many as 60 per cent of user accounts may be invalid in many organizations because they aren’t updated.
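The review that role-based provisioning tools automate can be spelled out in a few lines. The following is an added illustration, not code from any product named in this article: it reconciles an HR roster against directory accounts and reports leavers whose accounts were never disabled, accounts with no HR owner, and accounts whose group membership no longer matches the role HR says they hold (the promoted-but-not-updated case). The role-to-group mapping, the roster and the account records are constructed sample data.

```python
"""Reconcile an HR roster against directory accounts to find the stale or
mis-provisioned entries a role-based provisioning review would catch.
Added illustration with constructed sample data, not any vendor's code."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Hypothetical role model: each job role maps to exactly the directory
# groups it should hold; anything extra is over-provisioning.
ROLE_GROUPS: Dict[str, Set[str]] = {
    "analyst": {"vpn-users", "reporting-ro"},
    "manager": {"vpn-users", "reporting-ro", "approvals"},
    "dba": {"vpn-users", "db-admins"},
}


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    role: str
    active: bool


@dataclass
class Account:
    username: str
    employee_id: Optional[str]          # None for accounts with no HR owner
    groups: Set[str] = field(default_factory=set)


# Constructed sample inputs.
HR_ROSTER: List[HrRecord] = [
    HrRecord("E100", "analyst", True),
    HrRecord("E101", "manager", True),   # promoted from analyst, role updated in HR
    HrRecord("E102", "dba", False),      # left the company
]
DIRECTORY: List[Account] = [
    Account("alice", "E100", {"vpn-users", "reporting-ro"}),
    Account("bob", "E101", {"vpn-users", "reporting-ro"}),   # still carries analyst groups
    Account("carol", "E102", {"vpn-users", "db-admins"}),    # leaver, never disabled
    Account("svc-backup", None, {"db-admins"}),              # no HR owner at all
]


def reconcile(roster: List[HrRecord], accounts: List[Account]) -> dict:
    """Return the findings of a provisioning review.

    disable    - accounts whose HR record is inactive (leavers)
    orphans    - accounts with no matching HR record at all
    fix_groups - active accounts whose groups differ from their role's set
    """
    by_id = {r.employee_id: r for r in roster}
    findings: dict = {"disable": [], "fix_groups": {}, "orphans": []}
    for acct in accounts:
        rec = by_id.get(acct.employee_id) if acct.employee_id else None
        if rec is None:
            findings["orphans"].append(acct.username)
            continue
        if not rec.active:
            findings["disable"].append(acct.username)
            continue
        expected = ROLE_GROUPS[rec.role]
        if acct.groups != expected:
            findings["fix_groups"][acct.username] = {
                "add": sorted(expected - acct.groups),
                "remove": sorted(acct.groups - expected),
            }
    return findings


def stale_fraction(roster: List[HrRecord], accounts: List[Account]) -> float:
    """Share of accounts that do not belong to an active, known employee."""
    f = reconcile(roster, accounts)
    bad = len(f["disable"]) + len(f["orphans"])
    return bad / len(accounts) if accounts else 0.0


if __name__ == "__main__":
    import json
    print(json.dumps(reconcile(HR_ROSTER, DIRECTORY), indent=2))
    print(f"stale accounts: {stale_fraction(HR_ROSTER, DIRECTORY):.0%}")
```

In practice the roster and account lists would be pulled from the HR system and the directory on a schedule, and the `disable` and `orphans` lists are the ones that feed the account-invalidity figure quoted above; a group mismatch on an active account is the quieter problem, since the account is legitimate but its permissions no longer reflect the person's job.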