Companies share identity management struggles |
 |
By Robert Westervelt, News Editor
14 Nov 2007 | SearchSecurity.com |
|
|
SAN FRANCISCO -- Jim Raub, director of IT security at broadband services provider Paetec Communications, had limited time to get Oracle's Identity Manager rolled out to streamline naming conventions and user provisioning to tighten access control across the company.
Business has been growing steadily for Paetec. With a number of planned acquisition targets, Raub was under pressure to get an identity management solution in place to meet compliance demands and scalability issues.
Like many companies implementing identity management tools, the company experienced a number of problems Raub attributes to the need to get a system online quickly. The company didn't have an adequate test environment, data cleansing was an issue, getting various data holders to agree on an ID format also was a challenge, he said. And custom connectors had to be built to connect to several Unix-based applications.
"There was just too much going on and some upheaval because we had to get it in quickly," he said. "If we weren't trying to integrate the company so quickly, the whole process would have been easier."
Raub shared his Oracle Identity Manager implementation experience during a panel discussion Tuesday at Oracle's OpenWorld user conference. Despite their challenges, employees are seeing the value of identity management software. While companies have been struggling with various problems implementing an identity management software -- whether it be during the data cleansing phase or instituting a common naming structure -- the best way to begin an implementation is just before company growth, when the company is small and agile, the panelists said.
Oracle has done a good job buying its way into the identity market. It acquired provisioning software from Thor Technologies in 2005 and since then analysts say it has become a big player. It threatens CA, IBM and Sun for outright leadership, said Mark Diodati, an analyst with Midvale, Utah-based Burton Group.
"Oracle has made a whole slew of acquisitions in 2005 from purchasing Web access management products and federation," Diodati said. "You can tell by the acquisitions that they've done that they clearly value the identity management space. They are a full-fledged player and arguably with the most complete set of identity management products in their suite."
And Oracle has been making progress selling their identity manager to their own customers as well as marketing the products to new customers, Diodati said. Still, point solutions exist and companies should examine their options.
Kenny Gilbert, director of technology solutions at Sunnyvale, Calif.-based semiconductor installations provider Silicon Image, said his company didn't even consider other vendors for identity management. The company recently completed a $120,000 five-month implementation.
"Compliance absolutely was a major driver for us," Gilbert said. "It was also critical to have a single source for employee information."
Gilbert said if he had to do the project over, he would have tweaked the naming convention to avoid issues with multiple systems. The company could have also been more proactive to get its Unix systems all on the same patch set, he said.
Rex Thexton, chief technology officer of Bedminster, N.J.-based consulting firm Entology, said most of his firm's customers are driven to identity management to meet Sarbanes Oxley and other regulations.
"Either they are planning acquisitions or getting ready to go public," he said.
Raub said the company is so pleased with its implementation that the plan is to start rolling it out to other non-Sarbanes Oxley systems, such as the company's ID badge system.
"They improved their processes and the result has been a much better company," he said.
|
|
|
|
