New Sun product illustrates identity management trend

By Marcia Savage, Features Editor, Information Security magazine 20 Oct 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Identity management projects can be complex and cumbersome, but vendors are figuring out ways to help enterprises ease into the technology.

We're seeing a little more nuance and focus on how some things can be more digestible for the enterprise. Ian Glazer, senior analyst, Burton Group Inc.

Sun Microsystems Inc.'s new Identity Compliance Manager, which automates the process of certifying and auditing user access to data and applications, represents this trend, says Ian Glazer, senior analyst at Midvale, Utah.-based Burton Group Inc.

Sun and other vendors are offering enterprises a way to move into identity management by starting with access certification, which helps businesses meet various regulatory and internal requirements, and then grow into more complex projects, he said.

"It's a way of starting with something of reasonably high value and maybe a little less complexity and then grow that project into something that has complexity like role management or user provisioning," he said.

Sun Identity Compliance Manager parses out and builds on the access certification capabilities of Sun Role Manager, which was released in March. Role Manager was formerly known as Vaau RBACx; Sun bought Torrance, Calif.-based Vaau Inc. a year ago.

SUN's GRC strategy: Sun shifts strategy with GRC push: Sun, is putting less emphasis on technology, focusing on a complete GRC portfolio that includes partnerships and services to address risk. Analysts said the new strategy would be a challenge for the vendor, which has traditionally focused on its open source tools.

Some customers shy away from full-scale role management technology so Sun wanted to offer the compliance capabilities as a standalone product, said Mat Hamlin, senior product manager at Sun. Several factors are driving an increased need for access control compliance, including regulatory pressures and insider threat risks, he said. Identity Compliance Manager "provides the answer of who has access to what," Hamlin said.

Access certification has gained more visibility in the enterprise and companies have been using a variety of homegrown and vendor tools to carry out the process, Glazer said.

Vendors offering standalone access certification capabilities include CA Inc., Aveska, SailPoint Technologies Inc., Hitachi-ID Systems Inc., Courion Corp., and Approva Corp.

Sun Identity Compliance Manager also provides segregation of duties enforcement and an entitlement glossary that translates cryptic descriptions of IT entitlements so business managers can understand them. The product integrates with user provisioning systems from Sun as well as from vendors such as Oracle Corp. and CA.

SearchSecurity radio:

Nick Crown, Sun senior product line manager, said Identity Compliance Manager's access certification and segregation of duties functions provide a way to cleanse identity and entitlement data, which can then lead into defining roles that can be used for provisioning. He said the product is important for Sun's overall identity management suite, which includes Identity Manager, Role Manager and OpenSSO Enterprise.

"This provides a great first step for customers to take," Crown said.

"The market did have a tendency to put these enormous types of offerings out there that were just a little mind boggling to deploy," Glazer said. "We're seeing a little more nuance and focus on how some things can be more digestible for the enterprise."

Tags: Enterprise User Provisioning Tools,  Password Management and Policy,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Enterprise User Provisioning Tools Identity lifecycle management for security and compliance Content-aware IAM: Uniting user access and data rights Is Identity Management as a Service (IDaaS) a good idea? Top tactics for endpoint security How to edit group policy objects to give a user local admin rights Privileged account management critical to data security Making the case for enterprise IAM centralized access control Lesson 3: How to implement secure access Best practices for a privileged access policy to secure user accounts Risk management must include physical-logical security convergence Password Management and Policy Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Privileged account management critical to data security Making the case for enterprise IAM centralized access control How to prevent brute force webmail attacks Best practices for a privileged access policy to secure user accounts Mature SIMs do more than log aggregation and correlation PCI compliance requirement 2: Defaults

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary AAA server  (SearchSecurity.com) authentication, authorization, and accounting  (SearchSecurity.com) federated identity management  (SearchSecurity.com) logon  (SearchSecurity.com) password synchronization  (SearchSecurity.com) RADIUS  (SearchSecurity.com) role mining  (SearchSecurity.com) user profile  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary