Changing the Face of Identity Management - Systems Management News On The Web

DEPARTMENTS

HOME

TOP STORIES

DATA CENTER NEWS

EDITORIAL CALENDAR 08

EDITORIAL CALENDAR 09

ON THE WEB

PRINT EDITION

BZ MEDIA

AS OF 12/4/2008 12:07AM EST

Changing the Face of Identity Management
By Michelle Savage

July 21, 2008 — The game is changing for identity management, and an increasing number of companies are quickly innovating to meet new challenges, such as identity life-cycle management, role management and auditing needs.

New research released by market intelligence firm IDC shows that companies worldwide are increasingly looking for end-to-end solutions built on a common platform, providing integration, management, reporting and workflow capabilities. To address this demand, IDC predicts increasing vendor consolidation in the identity access management (IAM) market. And the trend has already started.

In 2008 alone, Sun acquired Vauu Inc., IBM acquired Encentuate, Quest Software acquired PassGo Technologies, Ping Identity acquired Sxip Access (a product for on-demand identity management) from Sxip Identity, and Hitachi bought a majority stake in M-Tech.

“Spending is expected to continue to be strong as organizations turn to IAM solutions to help manage risk, improve corporate oversight, protect assets, improve productivity, reduce cost and complexity, and enforce and simplify the compliance process,” said IDC analyst Patrik Bihammar. “Key developments in the IAM market over the forecast period [by 2012] will include its role within the broader governance, risk and compliance market; application-, service- and user-centric identity management; and integration between IAM and security information and event management, network access control, and system management solutions.”

A 2008 Forrester Research report predicts that identity and access management will explode over the next few years; specifically, the firm estimates that what was a US$2.6 billion market in 2006 will grow to $12.3 billion by 2014. In addition, during the next seven years, Forrester said that buying behavior will migrate from point products to identity suites—and, to a lesser extent, from products to managed services.

According to Forrester, the provisioning elements of IAM suites and products are of most interest to enterprises, as they provide the capability to impose access restrictions on users as they are added to the network, making it easy to identify who they are and what data they should have. Over time, the research firm said that vendors will increasingly offer provisioning and other IAM capabilities as services, further simplifying identity management.

Doug Leland, Microsoft’s general manager for the identity and access division, said that there is a lot of room for improvement in the identity management market, because “the state of the art in identity management is under-delivering.”

“Customers are looking for a full life-cycle approach to ID and access management,” he said. “They want the ability to manage the full breadth of identity—including their identities, their credentials, their resources and their access to those resources—across the life cycle of when a new user joins all the way through to when that user leaves the organization.

“There are no meaningful tools provided for information workers to manage their own identities,” continued Leland. “The burden is placed solely on the IT help desk. It is looked at solely by the industry at large as an IT problem and the solutions are purely IT solutions.”

This is a costly issue, as Leland said one in four help-desk calls are identity related and are often for simple tasks such as changing a password. “High-volume calls tend to drive up costs,” he noted. “I’ve seen statistics of $50 per call.”

In addition, Leland pointed out that the existing applications are siloed, meaning that there are separate applications for managing identities and credentials. “The industry at large doesn’t look at strong authentication and credential management as being part of identity and access,” he said. “Microsoft is unique in that we view this as two sides of the same coin. They belong together. This will change the overall approach and address many of the challenges businesses are facing.”

Changes in the Market
Lina Liberti, vice president, CA Security Management, argued that traditional identity management offerings haven’t been under-delivering; rather, the market is evolving into new areas, including entitlement certification, which ensures that only approved users gain access to sensitive business information.

“As a result, new entrants into the market have offered standalone solutions which need to complement existing identity management offerings,” she said. “To address the complete issue of managing user identities across the entire life cycle of the user, a complete solution is required, including all three components (identity management, entitlement certification and role management). Traditional identity management offerings do allow customers to manage identities, credentials, authentication, etc. in one solution.”

Indeed, a number of summer announcements highlighted the commitment to putting identity management in the hands of end users—giving them the tools they need to manage identities and access information—and delivering a single solution for identity management.

Sun Microsystems added business roles to its provisioning software package, in an effort to keep up with the ever-growing list of competitors, including CA and Oracle, who allow users to define business roles in their identity management solutions. Sun Identity Manager 8.0 is available as a standalone solution or as part of the Sun Java Identity Management Suite, which allows users to manage identities, including validating role definitions; compare user access privileges to assigned exceptions; and log user access. Sun said that its overall identity management strategy involves further unification of this suite, to expand beyond identity, roles, and compliance to access and directory.

Shortly after announcing a reseller deal with Eurekify, a provider of software for role-based management in large enterprises, CA extended its Identity Lifecycle Management solution, which is made up of CA Identity Manager for provisioning and CA Security Compliance Manager for entitlement certification and role management technology, to include Identity Manager r12, which adds strong auditing and reporting capabilities that enable customers to more easily respond to the compliance mandates of “Who has access to what?”

And Microsoft took a second stab at identity and access management with the public beta release of Identity Lifecycle Manager 2, which Leland said puts users at the center of the application suite. “This is the first integrated identity management system that gives identity management tools to audiences beyond the IT department, including powerful self-service capabilities through Microsoft Office for end users and familiar .NET- and WS-*-based tools for developers,” he added.

According to Leland, Microsoft’s overall strategy is to deliver a full range of identity management solutions that supports both on-premises scenarios as well as cloud-based scenarios, and both physical and virtual environments.

ILM 2 is a step in this direction; it supports identity and access management across both physical and virtual environments and can be extended across operating system environments by Microsoft partners. For example, Gemalto offers two-factor authentication, Omada Solutions provides role-based access control and compliance, and Quest Software extends Active Directory and Active Directory federation to non-Windows environments.

Because one of the biggest drivers changing the identity management industry is increasing compliance demands, it seems unlikely that the race for the ideal identity management system, which Leland described as bringing “a heightened level of security and compliance through a combination of identities and credentials and access management together in one management system,” will slow down any time soon. “As companies struggle with the regulatory compliance challenges at the national, federal and industry levels, they need to ensure that they know who is accessing what information, and be able to log and track that information,” said Leland.

A national survey released by CA in July showed that 44 percent of U.S. security executives reported that internal breaches have been a key security challenge over the past 12 months—compared with 42 percent in 2006 and 15 percent in 2003.

According to Liberti, identity and access management technologies are critical to managing these internal threats.

“By effectively managing who has access to what, customers can reduce the risk of compromised information,” she said. “Through well defined roles, strong identity management and provisioning and an effective process for ongoing entitlement certification, organizations can effectively answer the question of who has access to what—reducing risk and improving overall security posture.”

Related Search Term(s): Identity management, CA, Microsoft, Oracle, Sun

Share this link: http://sysmannews.com/link/32577

EMAIL THIS ARTICLE

SEND FEEDBACK