Sun shifts strategy with GRC push

By Robert Westervelt, News Editor 04 Mar 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Sun Microsystems Inc. launched its governance, risk and compliance (GRC) strategy with new products and services for identity management, auditing and compliance. Sun's move into the market directly challenges Oracle, IBM, CA and others vying for a larger share of the identity management market.

I think Oracle and Sun are in a foot race if not a horse race to provide a separate set of GRC capabilities more comprehensive than role management. Kevin Kampman, senior analyst, Burton Group

Sun, is putting less emphasis on technology, focusing on a complete GRC portfolio that includes partnerships and services to address risk. Analysts said the new strategy would be a challenge for the vendor, which has traditionally focused on its open source tools.

The GRC strategy includes an expansion of its identity management portfolio with the new Sun Role Manager—integrating its acquisition of Vaau RBACx role management suite as well as the company's services arm into the portfolio. Sun acquired Torrance, Calif.-based Vaau in November to fill in a gap in enterprise role-management. It had a longstanding partnership with Vaau, enabling the software to work with the Sun Identity Manager. Sun executives said they plan to release new technologies and features over the next 12 months to fill in additional missing pieces in the portfolio.

"Enterprise role management is critical to establishing access control compliance and is a big part of GRC," said Nick Crown, a GRC product line manager at Sun. "It allows people to understand the level of access users have and more importantly it also provides an interface in order to define and manage roles."

The market for role management software has been consolidating over the last year. In September, Oracle Corp. acquired ERM vendor Bridgestream Inc., and Cisco Systems Inc. announced that it's acquiring security software maker Securent, of Mountain View, Calif., for about $100 million.

Kevin Kampman, a senior analyst at Midvale, Utah-based Burton Group said he would be watching to see how well Sun executes its strategy in an area they are less recognized in. Sun has been trying to retool its identity management strategy for a while and didn't have a clear message formulated, he said. GRC is a way to bring all the components together.

"I think Oracle and Sun are in a foot race if not a horse race to provide a separate set of GRC capabilities more comprehensive than role management," Kampman said. "Vaau was a serious contender in the role management and compliance management space, so it was a very timely acquisition for sun to leverage that organization's view of how to manage identities in organization and tie that into role management."

Identity, roll management market: Sun acquiring Vaau for identity management: To better serve customers preoccupied with regulatory compliance and identity management, Sun has agreed to acquire enterprise role-management vendor Vaau. Audio download: Security360: Identity management market Analyst Mark Diodati describes the leaders of the identity management market; IBM's Joe Anthony explains Big Blue's strategy and Novell's Dale Olds on user-centric identity.

Sun has about 500 Identity Manager customers with about 300 that have deployed the product in production, according to the Burton Group.

Sun executives said they would make a push to be more competitive in the market by expanding their ecosystem of partnerships with third party vendors and experts to further develop its open source technologies and identify customer opportunities and participate in development.

Vaau has had partnerships with CA and IBM and Crown said he expects those partnerships to continue. For example, CA has used Vaau in several large provisioning implementations.

"One of the benefits of the product is that it can work with other identity management systems with other vendors, and we're going to continue that moving forward," he said. "Having open interfaces and giving customers choice has been the philosophy at Sun."

Tags: Enterprise User Provisioning Tools,  Password Management and Policy,  Web Authentication and Access Control,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise User Provisioning Tools Content-aware IAM: Uniting user access and data rights Is Identity Management as a Service (IDaaS) a good idea? Top tactics for endpoint security How to edit group policy objects to give a user local admin rights Privileged account management critical to data security Making the case for enterprise IAM centralized access control Lesson 3: How to implement secure access Best practices for a privileged access policy to secure user accounts Risk management must include physical-logical security convergence PCI compliance requirement 7: Restrict access Password Management and Policy Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Privileged account management critical to data security Making the case for enterprise IAM centralized access control How to prevent brute force webmail attacks Best practices for a privileged access policy to secure user accounts Mature SIMs do more than log aggregation and correlation PCI compliance requirement 2: Defaults Web Authentication and Access Control Group to shed light on secure identity management threats How to confirm the receipt of an email with security protocols Schneier-Ranum Face-Off: Is Perfect Access Control Possible? Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat Changing times for identity management How to use single sign-on for Web access control to prevent malware IBM USB banking device stops keyloggers, malware Can mutual authentication beat phishing or man-in-the-middle attacks? Could someone place a rootkit on an internal network through a router? Sun launches open source OpenSSO for identity management

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) logon  (SearchSecurity.com) password synchronization  (SearchSecurity.com) RADIUS  (SearchSecurity.com) role mining  (SearchSecurity.com) user profile  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary