BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
The identity and access management (IAM) market has been shaped by two emerging trends over the last year: ease of use for customers, and extensibility into cloud and mobile use cases.
IAM products have also become more focused on establishing behavioral baselines and providing anomaly-based alerts, says Andras Cser, vice president and principal analyst at Forrester Research Inc., in Cambridge, Mass.
The IAM products that came out on top in our 2014 Readers' Choice Awards successfully stayed ahead of those trends. We congratulate the four winners selected by Information Security magazine's readers in a crowded field of commendable products.
Winner: One Identity Manager, Dell
Dell's One Identity Manager, acquired through its 2012 purchase of Quest Software, received high marks from readers for its ease of installation, configuration and use. Dell's IAM offering, available for both Microsoft SQL and Oracle database systems, is focused on moving user management and access control capabilities into the hands of computer savvy business users in a self-service model, with the company going as far as to claim that employees can manage the entire IAM lifecycle without help from IT.
The self-service trend has recently become a must for IAM vendors, according to Forrester Research. "Enterprise IAM is not hot anymore," says Cser. "Security professionals now need to work with their marketing and business stakeholders to create a secure, yet easy to use customer experience."
One Identity Manager provides a number of automatic provisioning capabilities meant to reduce the time and energy required to deploy the product in an enterprise setting. The product allows enterprise customers to implement it without excessive customization, cutting down on the coding needed to get One Identity Manager functioning optimally.
Dell's offering also supports other best-in-class IAM products, providing the ability to transition an entire IAM strategy into one view. Dell has moved to expand its One Identity suite with Cloud Access Manager as well. The cloud-focused play provides a number of traditional IAM features including single sign-on capabilities for a variety of Web application access scenarios.
One Identity Manager also received solid scores for customer support, with one reader describing Dell's support and service as "very good." The standard support included with the product is available during typical Monday-Friday working hours. Enterprises can also purchase 24x7 business critical support or premier support, which includes dedicated account manager and technical assistance.
Winner: BIG-IP Access Policy Manager, F5 Networks Inc.
F5 Networks' BIG-IP Access Policy Manager achieved high marks from readers as a good value for the investment and for its service and support. The Access Policy Manager software component is delivered as part of F5 Networks' larger BIG-IP system multilayer switch system, which comes in a wide range of physical appliances and virtual editions for cloud environments.
Access Policy Manager enables users to access corporate resources through several Web browsers, including Internet Explorer, Firefox and Safari, via HTTPS connections. That means enterprise IT teams don't need to push unique software configurations to user systems. Instead, user authentication and authorization can all be handled through the browser. The product supports Microsoft's Active Directory and LDAP, as well as a variety of encryption options including RSA SecurID and the Advanced Encryption Standard, leading to good scores from readers for its integration and compatibility capabilities.
The F5 Networks offering can be configured via a Web-based utility, where administrators can manage a number of IAM tasks such as configuring secure access, assigning resources and generating security certificates. Access Policy Manager provides a number of auditing tools to keep track of resources accessed by users and others, with the product offering customized reports and drill-down queries to keep track of suspicious activities.
Access Policy Manager also includes F5 Networks' BIG-IP Edge Client apps for the iOS and Android mobile operating systems, promising secure access for mobile devices to enterprise networks and applications through an SSL VPN connection. Overall, readers gave positive feedback for Access Policy Manager across all categories, leading one reader to describe the product as "excellent."
Winner: Self-Service Reset Password Management, Tools4ever
Tools4ever's Self-Service Reset Password Management achieved some of the highest scores among all IAM products for ease of installation, configuration and management, with readers describing it as a "very good tool" and "excellent service." Self-Service Reset Password Management serves as more of a niche offering compared to its competitors in the IAM category this year. The Tools4ever product is largely known for offering end users the ability to reset Active Directory passwords without IT intervention through predefined questions. Tools4ever claims that its offering can lower password reset calls by up to 90%, reducing a sizable burden for IT teams.
The Self-Service Reset Password Management comes as a standard software offering that integrates a "Forgot My Password" button into typical Windows logons. IT retains the ability to both create the questions and establish the number of questions that must be answered by a user in order to reset a password.
The tool's functionality can be expanded through a variety of additional modules. For instance, the Web module allows users to reset their passwords outside the corporate network at any time, with an optimized experience promised for mobile devices. Enterprises can also opt for an additional layer of security by applying the two-factor authentication module to the reset process. Two-factor authentication sends a PIN code by SMS to a user's mobile phone or by email to a secondary email address, with the user forced to enter both the PIN and answer the security questions to perform a reset. The Web-based caller ID verification module is available to enable helpdesk staff to verify the identity of callers more easily and securely.
All of the actions provided by Self-Service Reset Password Management are also recorded in audit logs, which can be used to produce standard reports for various compliance regulations such as HIPAA and SOX.
Winner: Security Identity Manager, IBM
IBM's Security Identity Manager stood out to readers for the wide variety of platforms, application and domains covered by the system, as well as its compatibility and ease of integration with other products. The product supports Microsoft Windows Server, SUSE Linux Enterprise Server, Red Hat Enterprise Linux and IBM's own AIX, as well as a variety of operating systems, email systems, ERP systems and cloud applications such as Salesforce.com. IBM also includes a toolkit that helps IT teams manage the integration of custom applications.
Much like Dell, IBM has focused on reducing the time and effort needed to deploy its IAM offering. Security Identity Manager utilizes roles and access permissions so that the creation and modification of user privileges can be automated. The product's provisioning engine allows access rights to be added or removed for individual users automatically based on changes in business roles, or enterprises can choose to apply permissions at the group level to further simplify the management process.
IBM has also attempted to streamline the interface of its Security Identity Manager with the hope of giving business leaders an easier view into how access rights are being managed. The product allows business managers to request access rights for users based on roles and group, reducing the time needed to apply permissions while decreasing the amount of requests sent to IT. IBM's offering also encroached on the territory of Tools4ever's Self-Service Password Reset Management tool by allowing users to reset passwords via a challenge/response system.
And for IT teams worried about lacking visibility into IAM processes, Security Identity Manager promises complete audit trails for all access rights changes, with custom reporting available for compliance needs.
"It is easy to use and effective," noted one reader.
Send comments on this article to firstname.lastname@example.org.
How to formulate and manage online identity and access control.
Learn whether iCloud's Keychain can securely synchronize passwords across devices.