Review: With ID-Synch v4.0, you can easily manage many users

By Brent Huston, Contributor 06 Jan 2006 | Information Security magazine

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Manually managing user accounts in complex, heterogeneous environments is both a tremendous drain on IT resources and a significant security risk. In an era of regulatory pressure, the lack of firm, centralized control over access and authorization policies is an invitation for failed audits and government sanctions. "Ghost" accounts of terminated and transferred employees are a common and persistent security risk.

M-Tech has long been one of the leaders in this market, and ID-Synch v4.0 is a robust product for easily managing large numbers of users. It guides managers through an intuitive, clean and easy-to-navigate Web interface, with connectors for more than 70 different platforms including directory services such as LDAP, Active Directory, NT Domains, Novell eDirectory and NDS, and Kerberos. Also covered are major *nix and mainframe systems, and messaging systems such as MS Exchange, Lotus Domino/ Notes and Novell GroupWise.

ID-Synch uses these connectors to control user IDs and access for each of these applications, providing a flexible work flow model. For example, if a new employee or contractor is hired, the manager connects to the Web-based interface and enters information requesting new accounts for Active Directory and SAP access. This function is bidirectional -- accounts can still be added traditionally through the application, and ID-Synch will discover them during scheduled searches. Admins are alerted about requests through e-mail and can either approve or deny them through the Web interface. Any event that would trigger an e-mail can also be configured to create tickets with any of 15 different help desk applications. This tool also gives current employees the ability to request additional access through a simple login.

Security is enhanced through ID-Synch's ability to enforce strong password policy across platforms. Initial passwords can have a long list of required attributes, such as minimum alphanumeric characters, non-alphanumeric characters and alternating case. Passwords can even be auto-generated to accelerate the process.

Reporting capabilities are critical for identity management -- a key component of internal and regulatory compliance. ID-Synch automatically generates reports on numerous user statistics, such as successful user logins, invalid logins and login dates. This is invaluable for use in compliance auditing, as well discovering security issues. For example, numerous unsuccessful login attempts could signal malicious activity. Reports will also reveal accounts that are never or rarely accessed. These are dangerous -- say, if a disgruntled former employee or someone who now works for a competitor has access to privileged information -- and should be deactivated. Reports can be exported in .csv or .html formats.

Automated account provisioning tools have almost become a necessity for enterprises -- and the more complex the company, the more urgent its need. With its broad platform support and ease of use, ID-Synch is well worth considering.

This product review originally appeared in the January 2006 issue of Information Security magazine.

Tags: Enterprise User Provisioning Tools,  Access control,  Two-Factor and Multifactor Authentication Strategies,  Password Management and Policy,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise User Provisioning Tools Content-aware IAM: Uniting user access and data rights Is Identity Management as a Service (IDaaS) a good idea? Top tactics for endpoint security How to edit group policy objects to give a user local admin rights Privileged account management critical to data security Making the case for enterprise IAM centralized access control Lesson 3: How to implement secure access Best practices for a privileged access policy to secure user accounts Risk management must include physical-logical security convergence PCI compliance requirement 7: Restrict access Access control Access security with KoolSpan's SecurEdge 2006 Products of the Year: Identity and access management Review: Imperfections aside, TACS v3.1.1 is a viable tool Two-Factor and Multifactor Authentication Strategies Two-factor authentication, vigilance foil password theft Security on a budget: How to make the most of authentication tools Best Authentication Products Best Identity and Access Management Products Are 'strong authentication' methods strong enough for compliance? PCI compliance requirement 7: Restrict access PCI compliance requirement 9: Physical access Best practices: How to implement and maintain enterprise user roles Changing times for identity management RSA researcher Ari Juels: RFID tags may be easily hacked

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) logon  (SearchSecurity.com) password synchronization  (SearchSecurity.com) RADIUS  (SearchSecurity.com) role mining  (SearchSecurity.com) user profile  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary