GOLD MEDAL: Control-SA
BMC Software, www.bmc.com
The umbrella of identity management covers a lot of ground: passwords, authentication, access control, provisioning and auditing. Probably the most powerful tool in identity management remains BMC Software's Control-SA, which gives enterprises broad control over user accounts.
Here's the problem facing enterprises: You must provide users with access to multiple systems on different platforms, have the ability to monitor and audit their access to systems, and revoke permissions and accounts on a moment's notice. Control-SA was one of the first tools on the market to address these bedeviling problems.
"BMC Software has a mature product," says the VP of risk management at a large financial services firm. "It has a lot of functionality, and it covers a lot of platforms."
Control-SA's features give enterprises extensive power to provision, control and audit access to IT systems on different platforms. It uses group-based rules to provide users with access based on their departmental assignments, but also has the power to provide exceptions so certain users will have greater or lesser rights.
Managing user accounts also means periodic maintenance and modification. Control-SA has tools for adjusting access rights, such as removing certain permissions when a user changes jobs or requires special access for projects. It also automates account revocation, ensuring that an account is closed as a user's employment is terminated.
Auditing is critical to good identity management, especially in this age of Sarbanes-Oxley compliance. Control-SA comes with tools for identifying unauthorized use, improper permission and inactive accounts. This gives enterprises the ability to lock down accounts and demonstrate the strength of their security and integrity programs to regulators.
An added benefit is Control-SA's self-service password management system, which allows users to reset passwords across multiple platforms and cuts help desk costs.
"The self-service password reset works great," says a CISO. "There are a lot of cost-savings on the help desk."
Other vendors offer similar, worthy products, but BMC's Control-SA remains the leader and well-deserving of the gold award.
SILVER MEDAL: SSL Certificates
USER COMMENT: "It integrates well with other products. VeriSign is world class and good for secure communication."
BRONZE MEDAL: Sun Java System Identity Manager (formerly Lighthouse)
Waveset (a subsidiary of Sun Microsystems), www.sun.com
USER COMMENT: "Sun has a great LDAP server integrating with Waveset's identity management solution; they seem to work well together."