IBM today launched the latest version of its Tivoli Identity Manager integrating the various acquisitions it made in recent years around identity and access management and streamlining a popular lightweight version of its identity management software.
Tivoli Identity Manager Version 5.0 melds features from IBM's lighter Identity Manger Express version, which was popular with customers. The features simplify set-up and deployment of the software, a concern of previous versions often highlighted by industry analysts and experts. IBM has migrated instructional wizards and templates from the express version that it says should also reduce the learning curve of new users.
"We're taking the best features of Express and making them available on top of Tivoli Identity Manager," said Joe Anthony, program director for identity management for IBM's Tivoli division. "As the market is maturing in this area, it's important to continue to drive down the amount of IT knowledge needed to deploy the products and make it even easier for end users."
Like identity management software sold by Oracle, CA and Sun Microsystems, IBM's software automates identity and access management processes, by allowing managers to set up new accounts and passwords for employees and customers. The software also includes tools for user provisioning and monitors access rights to identify unauthorized and malicious changes or duplicate and outdated entries. It also includes attestation features, forcing managers to review and sign-off on employee access to system files and applications.
IBM often couples identity management deployments in conjunction with deployments of its WebSphere application server, said Mark Diodati an analyst with Midvale, Utah-based Burton Group. IBM's strategy is to try to come in with a unified solution of all their products to solve a specific problem, he said in a recent interview with SearchSecurity.com.
Diodati said IBM still lacks a virtual directory and an enterprise single sign-on solution. A virtual directory takes employee and policy data, often stored in multiple directories and accessible by a Web service and simplifies the communication between applications by making it appear to be a plain LDAP server. It often results in security efficiencies, Diodati said. For that, customers typically turn to Novato, Calif.-based Radiant Logic Inc. or Chicago-based Symlabs Inc., which sells virtual directory servers.Oracle and SAP have virtual directory products, in addition to Symlabs and Radiant Logic.
IBM, Sun and Oracle have a relationship with PassLogix and resell the Passlogix enterprise SSO product.
Companies don't typically purchase an entire identity management suite to solve multiple solutions, Diodati said. Typically they'll have some need, such as user provisioning, enterprise single sign on or Web access management and then they evaluate the best product in the marketplace for that specific need. After a particular product is selected, companies sometimes take a look at an entire suite.
"We've spent a lot of time making it easier for end users while at the same time driving the ability to scale the infrastructure," IBM's Anthony said. "We have customers that have over a million users using the product so it's very important that the product can scale."