Catalyst Conference, Day 2 (Thursday, July 30)
By identity on Jul 30, 2009
Please let me know if you would like to discuss any of these topics.
Maximum Value for Minimum Investment: Getting the Most from Your IdM Infrastructure
Mark Diodati (Burton Group)
- Mid tier vendors growing organically with integrated administration.
- Just because one product in a suite fits your needs doesn't guarantee that the other products in the suite fits your needs.
- Microsoft typically not considered a full IdM vendor, but because Microsoft owns desktop and defacto workflow engine (Exchange) they have a strong potential.
- Identity services may enable integration of multiple Identity silos - entitlement management, WAM, Provisioning, eSSO ...
- LDAP has emerged as the default protocol of Identity services - the center of the IdM universe.
- Coexistence of AD, Sun DS, OID, etc., will be with us for a long time.
- What next? Assess where you are. Play to your strengths. Invest in initiatives that deliver value quickly.
- Align ERP and IdM stgrategies.
Identity Management: Making It Pay Off at Allstate Insurance
Eric Leighninger (Allstate Insurance)
- Key goal: manage identities for people, applications and platforms, with digital personae for each.
- Establish service catalog from which people can request services.
- Make enterprise directory single source of record - although subordinate directories are used.
- Built integrated Identity system that addresses internal and customer-facing needs.
- Started within the enterprise - then worked outward to customers.
- Identity-based encryption key mangement services will allow them to manage keys as efficiently as users.
- Will need to consider virtual directory because identity repository environment is getting more complex.
Small Identity Management Project, Big Returns: One Bank’s ESSO Experience
Steven Craige (Bank of the West)
- Justification for ESSO: reduce time and expense on password change.
- Goal: single ID with single password.
- At two year mark, password changes down 33% - all savings may not be attributable to ESSO.
- ROI target: 48 months.
- Difficult to get business groups to move apps to ESSO.
- Getting senior management's support is essential.
- Decide what you want to achieve and what you can afford.
- Chose ESSO as first step - other IdM projects may follow.
Leveraging Active Directory to Improve UNIX Identity Management
Mark Diodati (Burton Group)
- Companies want centralized policy management of unix and windows systems via windows group policy
- The market is converging for privileged account management, AD Bridge and Unix Security products
- Explosive growth in this market is driven by heightened focus by auditors and demand for improving Unix security
- Efficiency is a major driver: cost reduction, enhanced productivity, sign-on reduction
- Can a robust IdM system be effectively deployed without securing the operating system first?
Case Study: Bridging the Gap between Active Directory and Non-Windows Systems and Servers
John Matthew (NBC Universal)
- After failing SOX audits for Unix account management, they found that password policy was not enforced, poor account managment, poor change management and widespread use of resource accounts.
- Considered off the shelf, open source or "roll your own" options.
- They chose open source technology (Likewise) because the software was free, but they could buy support.
- The Likewise product was augmented with a database to keep track of relevant data and scripting to automate repetive processes and wiki to report status.
- Integrated with IdM system. Workflow manages AD to handle group membership for SOX compliance.
- Small team (2 guys) did most of the implementation.
Using Identity Virtualization to Mitigate Risk at Sony Pictures Entertainment
Kunal Mittal (Sony Pictures)
- Business drivers for Virtual Directory: single place to manage and report on Identities, improve data quality, reduce cost of providing Identity services and simplify integration with multiple systems.
- Technical drivers: provide common view of identity data across different systems, support transition to SOA, offer Identity services to extend to enterprise and SaaS applications.
- The system was implemented by a small team in less than four months.
See no Evil, Hear no Evil, Speak no Evil - Identity Governance
Chris Howard (Burton Group)
- Tough year - economically, psychologically.
- Companies are re-imagining their business models.
- The corporate institution is profoundly dysfunctional in many ways, especially for society's purposes, but also for capitalism.
- The corporate institution is ripe for reinvention.
- Simplification is a myth: large organizations are complex, IT systems are complex and transparency requires simplicity.
- Simplicity is managed complexity.
- Obfuscation is borne of complexity. Some obfuscation is intentional, but most is unintentional. Obfuscation in IT is not a surprise.
- Forces impacting enterprise IT Externalization (e.g. cloud, outsourcing), Democratization ( how I choose to work) and Consumerization (multiple devices and freedom of choice).
- Remediating the existing IT environment doesn't automatically reinvent the corporation.
The “3 Rs of IdM”: Roles, Risk and Regulatory Compliance
David Griffeth, VP Enterprise Identity Management - RBS Citizens Bank
- Automated provisioning doesn't equal Identity management
- Main goals - definition and maintenance of roles and certification of access
- Involve both system owners and department managers in role defintion
- Value of roles: access certifications are simpler, compliance is easier, drastic reduction in risk, entire account lifecycle is properly controlled
- Document roles to enable easy understanding
Making IdM Infrastructure More Transparent
Gerry Gebel (Burton Group)
Mike Rollings (Burton Group)
- Governance is not possible without transparency.
- An access and identity governance layer is emerging as distinct from the run time IdM infrastructure services layer.
- Governance enables a closed loop, including: configure policy, assign privileges, monitor activity, certify environment, determine access.
- Complexity is the enemy of transparency and friend of the status quo.
- Several customers are still building their own provisioning systems, based on workflow systems already in place, to work the way their business works.
- Use business intelligence tools to provide functionality and interface more in line with business person's perspective.
Security and Governance as Competitive Advantage for SaaS
Tim Madewell (Innotas)
- Governance is Visibility, Control, Reliability and Predictability.
- Governance for operations is part of the service in the SaaS model.
Vendor Lightning Round - 2
Tom Smith, CEO - Conformity
- SaaS management solution
- centralized administration, usage analytics and reporting, workflow and process integration
Venkat Raghavan, Director Product Management, Security, Risk and Compliance - IBM
- IBM Tivoli Securty: delivering on IBM Secuirty Strategy
- identity and access assurance, data and application security, security management for System z
Andy Han, VP & GM, Products - NextLabs
- NextLabs product suite 4.5
- data security in collaborative environments - protecting data on the move
Ulrich Lang, CEO - ObjectSecurity
- application security policy automation
- development tool suite add-on
Rohit Gupta, Sr. Director, Product Management - Oracle
- Service-Oriented Security for Application developers
- Oracle/Sun will be best IdM system in the world
Jackson Shaw, Quest
- simplify identity infrastructure around AD
Dieter Shuler, Radiant Logic
- VDS context edition
- VDS is abstraction layer between inflexible data stores and appls that want to consume that data