Establishing Digital Trust: Don't Sacrifice Security for Convenience
The nascent market for software that automates the provisioning of IT resources got a boost last week from a significant player: IBM's Tivoli unit.
Tivoli announced Identity Director, a tool that automates the provisioning of IT resources and manages them through their lifecycle according to predefined policies, such as a group job description.
Also last week, Netegrity, a major player in the field of authorization products, announced its Secure Relationship Management (SRM) platform, which will eventually include a provisioning component.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iThe moves may well lend credibility to the idea of automated provisioning, once the purview of startups, including Business Layers and Access360, both founded in 1999.
Chris Christiansen, a vice president and security analyst with International Data Corp., a research firm in Framingham, Mass., says the Tivoli announcement means, "The big kahunas waltz into the marketplace. IBM/Tivoli has shown up with its channels, its sales force and its brand."
He noted the move might help the market as a whole, given the resources IBM can throw at raising the visibility and awareness of provisioning technology. "I wouldn't be surprised if this did more good than harm to Access360 and Business Layers," he says.
The idea behind the provisioning products is to automate the workflow behind the delivery and removal of various IT sources, based on a user's role in an organization. Such resources include everything from a user profile in a directory to network logon and application access rights. As such, the provisioning process normally requires dealing with various systems that typically have their own management platforms as well as getting approvals from appropriate personnel.
"Identity Directory is a more efficient way to manage adds, changes and deletions of users across heterogeneous systems," says Leo Cole, director of market management of security products for Tivoli.
Identity Director, like competing provisioning products, can be configured such that when a new employee is entered into the human resources information system, it triggers a chain of events that automates the provisioning process, including the approval process. Identity Director sits in the middle, dealing with all required systems.
The product creates users and their attributes in a Lightweight Directory Access Protocol directory, or it can be integrated with an existing LDAP directory, Cole says.
Besides helping users streamline the process of creating new user accounts, Identity Director helps ensure that users don't have access to resources they no longer need or for which they no longer hold authorization. When a user leaves the company, for example, all rights and privileges can be eliminated with a single command.
"Customers are failing audit reports," Cole says, because they have too many ex-employees still active on their systems, creating a significant security risk.
Identity Director requires Tivoli's Policy Director tool to provision access rights to applications. Policy Director is the company's authorization engine, which enables companies to control who can access what resources when.
Tivoli also announced that Policy Director is now compatible with additional applications, specifically: BroadVision's One-To-One Enterprise, Plumtree Software's Corporate Portal, IBM's WebSphere Portal family and mySAP.com. The product also supports Java applications built on WebSphere and BEA Systems' WebLogic. Support for Siebel Systems applications is coming soon.
The company also delivered a new, lower end version of its vulnerability tracking tool. The Tivoli Intrusion Manager is intended to help mid-size organizations or departments of large companies assess their vulnerabilities and monitor attacks, threats and exposures. It can feed into Tivoli's high-end Risk Manager vulnerability management tool.
Netegrity's SRM, meanwhile, is intended to integrate access control, single sign-on, identity management, portals and, eventually, provisioning services. The portal component is being supplied via Netegrity's pending acquisition of DataChannel. The company is evaluating whether to buy or build the provisioning component, according to a spokeswoman, and thus does not yet have a delivery date.
All the IBM products are available now. Pricing of Identity Director varies widely depending on configuration. Intrusion Manager costs $49,910 for a license to manage up to 20 devices.