By Roberta J. Witty and Ray Wagner
Identity and access management (IAM) solutions are gaining momentum in a wide range of industries, but there is still a great deal of confusion around what IAM means to the enterprise.
The distributed nature of computing has made it extremely difficult for enterprises to gain a level of comfort in the authentication and authorization arenas. Large enterprises must deal with a diverse set of operating systems, databases and applications. The number of components in the environment, and the variety among them, is increasing. New application systems are being developed – as well as applications for new classes of users – with unprecedented scale requirements. Enterprises thus face the complicated task of managing how users are identified and authenticated, and how their privileges are defined and managed.
Before making buying decisions in the identity and access management space, ask yourself these questions:
– What is the relationship between my need to manage authentication and authorization, and my broader IT architecture, platform and application decisions?
– Will “security productivity enhancers” – which reduce the number of logons for the user and simplify the administration of authentication and authorization parameters for the administrator – meet with general acceptance as ways to manage complexity?
– Will these solutions become obsolete during the next five years as users exploit authentication and authorization services that are common to multiple computing resources, such as browsers and directories?
As intranets, extranets and corporate Internet access evolve, security will become an even bigger issue than it is today. Access by more users who use more devices from more locations will become the norm. Security also has been paramount during the past several years. Most enterprises have deployed what they perceive to be an adequate level of security, typically focusing on perimeter security activities, such as firewalls, intrusion detection and prevention, spam filtering and other functions.
Now, you must focus on security issues that provide “fine-grain” security regarding who has access to what resources. Regulatory compliance with the U.S. Public Company Accounting Reform and Investor Protection Act of 2002, known as the Sarbanes-Oxley Act, and European Union privacy regulations are two key drivers for this movement.
“Identity and Access Management Defined” – Managing identity and access within the enterprise requires understanding the four “A’s” of information security: authentication, authorization, administration and audit. By Roberta J. Witty, Ant Allan, John Enck and Ray Wagner
“Five Business Drivers of Identity and Access Management” – IAM solutions are deployed primarily to fulfill business facilitation, cost containment, operational efficiency, IT risk management and regulatory compliance requirements. By Roberta J. Witty
“The Identity and Access Management Market Landscape” – The selection of your initial IAM component will determine the success of your IAM initiative. By Roberta J. Witty
“EAM Market Poised for Growth Through 2007” – Although the extranet access management market grew sluggishly in 2002, EAM projects have resumed and the market will experience a 14 percent compound annual growth rate through 2007. By Norma Schroder and Ray Wagner
“Magic Quadrant for Extranet Access Management, 2H03” – Integration with user provisioning and federated identity capabilities were the primary functional differentiators among EAM products in 2003. By Ray Wagner