HOT PICK: ID-Synch v4.0
M-Tech Information Technology
Price: $20-$30 per user
Manually managing user accounts in complex, heterogeneous environments is both a tremendous drain on IT resources and a significant security risk. In an era of regulatory pressure, the lack of firm, centralized control over access and authorization policies is an invitation for failed audits and government sanctions. "Ghost" accounts of terminated and transferred employees are a common and persistent security risk.
M-Tech has long been one of the leaders in this market, and ID-Synch v4.0 is a robust product for easily managing large numbers of users. It guides managers through an intuitive, clean and easy-to-navigate Web interface, with connectors for more than 70 different platforms including directory services such as LDAP, Active Directory, NT Domains, Novell eDirectory and NDS, and Kerberos. Also covered are major *nix and mainframe systems, and messaging systems such as MS Exchange, Lotus Domino/Notes and Novell GroupWise.
ID-Synch uses these connectors to control user IDs and access for each of these applications, providing a flexible work flow model. For example, if a new employee or contractor is hired, the manager connects to the Web-based interface and enters information requesting new accounts for Active Directory and SAP access. This function is bidirectional -- accounts can still be added traditionally through the application, and ID-Synch will discover them during scheduled searches. Admins are alerted about requests through e-mail and can either approve or deny them through the Web interface. Any event that would trigger an e-mail can also be configured to create tickets with any of 15 different help desk applications. This tool also gives current employees the ability to request additional access through a simple login.
Security is enhanced through ID-Synch's ability to enforce strong password policy across platforms. Initial passwords can have a long list of required attributes, such as minimum alphanumeric characters, non-alphanumeric characters and alternating case. Passwords can even be auto-generated to accelerate the process.
Reporting capabilities are critical for identity management -- a key component of internal and regulatory compliance. ID-Synch automatically generates reports on numerous user statistics, such as successful user logins, invalid logins and login dates. This is invaluable for use in compliance auditing, as well as discovering security issues. For example, numerous unsuccessful login attempts could signal malicious activity. Reports will also reveal accounts that are never or rarely accessed. These are dangerous -- say, if a disgruntled former employee or someone who now works for a competitor has access to privileged information -- and should be deactivated. Reports can be exported in .csv or .html formats.
Automated account provisioning tools have almost become a necessity for enterprises -- and the more complex the company, the more urgent its need. With its broad platform support and ease of use, ID-Synch is well worth considering.
This product review originally appeared in the January 2006 issue of Information Security magazine.