Thursday Jul 30, 2009

Catalyst Conference, Day 2 (Thursday, July 30)

Day two of the Catalyst Conference was also packed with good information.   Key points from sessions I attended are included below. 

Please let me know if you would like to discuss any of these topics.


Maximum Value for Minimum Investment: Getting the Most from Your IdM Infrastructure
Mark Diodati (Burton Group)
  1. Mid tier vendors growing organically with integrated administration.
  2. Just because one product in a suite fits your needs doesn't guarantee that the other products in the suite fits your needs.
  3. Microsoft typically not considered a full IdM vendor, but because Microsoft owns desktop and defacto workflow engine (Exchange) they have a strong potential.
  4. Identity services may enable integration of multiple Identity silos - entitlement management, WAM, Provisioning, eSSO ...
  5. LDAP has emerged as the default protocol of Identity services - the center of the IdM universe.
  6. Coexistence of AD, Sun DS, OID, etc., will be with us for a long time.
  7. What next? Assess where you are. Play to your strengths. Invest in initiatives that deliver value quickly.
  8. Align ERP and IdM stgrategies.

Identity Management: Making It Pay Off at Allstate Insurance

Eric Leighninger (Allstate Insurance)
  1. Key goal: manage identities for people, applications and platforms, with digital personae for each.
  2. Establish service catalog from which people can request services.
  3. Make enterprise directory single source of record - although subordinate directories are used.
  4. Built integrated Identity system that addresses internal and customer-facing needs.
  5. Started within the enterprise - then worked outward to customers.
  6. Identity-based encryption key mangement services will allow them to manage keys as efficiently as users.
  7. Will need to consider virtual directory because identity repository environment is getting more complex.

Small Identity Management Project, Big Returns: One Bank’s ESSO Experience
Steven Craige (Bank of the West)
  1. Justification for ESSO: reduce time and expense on password change.
  2. Goal: single ID with single password.
  3. At two year mark, password changes down 33% - all savings may not be attributable to ESSO.
  4. ROI target: 48 months.
  5. Difficult to get business groups to move apps to ESSO.
  6. Getting senior management's support is essential.
  7. Decide what you want to achieve and what you can afford.
  8. Chose ESSO as first step - other IdM projects may follow.

Leveraging Active Directory to Improve UNIX Identity Management
Mark Diodati (Burton Group)
  1. Companies want centralized policy management of unix and windows systems via windows group policy
  2. The market is converging for privileged account management, AD Bridge and Unix Security products
  3. Explosive growth in this market is driven by heightened focus by auditors and demand for improving Unix security
  4. Efficiency is a major driver: cost reduction, enhanced productivity, sign-on reduction
  5. Can a robust IdM system be effectively deployed without securing the operating system first?

Case Study: Bridging the Gap between Active Directory and Non-Windows Systems and Servers
John Matthew (NBC Universal)
  1. After failing SOX audits for Unix account management, they found that password policy was not enforced, poor account managment, poor change management and widespread use of resource accounts.
  2. Considered off the shelf, open source or "roll your own" options.
  3. They chose open source technology (Likewise) because the software was free, but they could buy support.
  4. The Likewise product was augmented with a database to keep track of relevant data and scripting to automate repetive processes and wiki to report status.
  5. Integrated with IdM system. Workflow manages AD to handle group membership for SOX compliance.
  6. Small team (2 guys) did most of the implementation.

Using Identity Virtualization to Mitigate Risk at Sony Pictures Entertainment
Kunal Mittal (Sony Pictures)
  1. Business drivers for Virtual Directory: single place to manage and report on Identities, improve data quality, reduce cost of providing Identity services and simplify integration with multiple systems.
  2. Technical drivers: provide common view of identity data across different systems, support transition to SOA, offer Identity services to extend to enterprise and SaaS applications.
  3. Privacy policy can be enforced at VDS level.
  4. The system was implemented by a small team in less than four months.

See no Evil, Hear no Evil, Speak no Evil - Identity Governance
Chris Howard (Burton Group)
  1. Tough year - economically, psychologically.
  2. Companies are re-imagining their business models.
  3. The corporate institution is profoundly dysfunctional in many ways, especially for society's purposes, but also for capitalism.
  4. The corporate institution is ripe for reinvention.
  5. Simplification is a myth: large organizations are complex, IT systems are complex and transparency requires simplicity.
  6. Simplicity is managed complexity.
  7. Obfuscation is borne of complexity.  Some obfuscation is intentional, but most is unintentional. Obfuscation in IT is not a surprise.
  8. Forces impacting enterprise IT Externalization (e.g. cloud, outsourcing), Democratization ( how I choose to work) and Consumerization (multiple devices and freedom of choice).
  9. Remediating the existing IT environment doesn't automatically reinvent the corporation.

The “3 Rs of IdM”: Roles, Risk and Regulatory Compliance
David Griffeth, VP Enterprise Identity Management - RBS Citizens Bank
  1. Automated provisioning doesn't equal Identity management
  2. Main goals - definition and maintenance of roles and certification of access
  3. Involve both system owners and department managers in role defintion
  4. Value of roles: access certifications are simpler, compliance is easier, drastic reduction in risk, entire account lifecycle is properly controlled
  5. Document roles to enable easy understanding

Making IdM Infrastructure More Transparent
Gerry Gebel (Burton Group)
Mike Rollings (Burton Group)
  1. Governance is not possible without transparency.
  2. An access and identity governance layer is emerging as distinct from the run time IdM infrastructure services layer.
  3. Governance enables a closed loop, including: configure policy, assign privileges, monitor activity, certify environment, determine access.
  4. Complexity is the enemy of transparency and friend of the status quo.
  5. Several customers are still building their own provisioning systems, based on workflow systems already in place, to work the way their business works.
  6. Use business intelligence tools to provide functionality and interface more in line with business person's perspective.

Security and Governance as Competitive Advantage for SaaS
Tim Madewell (Innotas)
  1. Governance is Visibility, Control, Reliability and Predictability.
  2. Governance for operations is part of the service in the SaaS model.

Vendor Lightning Round - 2
Tom Smith, CEO - Conformity
  1. SaaS management solution
  2. centralized  administration, usage analytics and reporting, workflow and process integration
Venkat Raghavan, Director Product Management, Security, Risk and Compliance - IBM
  1. IBM Tivoli Securty: delivering on IBM Secuirty Strategy
  2. identity and access assurance, data and application security, security management for System z
Andy Han, VP & GM, Products - NextLabs
  1. NextLabs product suite 4.5
  2. data security in collaborative environments - protecting data on the move
Ulrich Lang, CEO - ObjectSecurity
  1. application security policy automation
  2. development tool suite add-on
Rohit Gupta, Sr. Director, Product Management - Oracle
  1. Service-Oriented Security for Application developers
  2. Oracle/Sun will be best IdM system in the world
Jackson Shaw, Quest
  1. OneIdentitySolution
  2. simplify identity infrastructure around AD
Dieter Shuler, Radiant Logic
  1. VDS context edition
  2. VDS is abstraction layer between inflexible data stores and appls that want to consume that data
Technorati Tags: , , , , ,

About

Discovering Identity was founded on blogs.sun.com in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at DiscoveringIdentity.com. In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.


The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today