Want to know what scares people? Well here's a list of thirteen things that Covisint's CSO, David Miller is scared of, and as an Identity Management professional, I'm right there with him.
It's a light-hearted article, but it does give a very good list of concerns which can form the nucleus of that discussion with your CIO / CEO / CFO when they ask, so why do we need Identity Management anyway, particularly when I could be spending the few IT dollars I give you on things that make us money????
Friday, October 31, 2008
Wednesday, October 15, 2008
A Great Tool for LDAP
It's a rare Identity Management project that does not involve an LDAP repository. I've found that it is most useful to have a tool that will let you browse these repositories.
For Read only operations, I loved the old MaXware Directory Explorer. Simple and lightweight. It had a couple of idiosyncrasies, but it was a great tool. It does not seem to be available for download however. I'm in the process of checking with SAP to find out its final status. Let's hope it has not gone to that big bit bucket in the sky!
Lately I've been using the Apache Directory Studio as my LDAP Browser. It's a great multi-platform tool that is Java based and available for Windows, Linux and Apple OS X. One of the things I like most about this application is that it is also an LDAP editor which is nice for tweaking data when doing testing.
Hope you enjoy it too!
For Read only operations, I loved the old MaXware Directory Explorer. Simple and lightweight. It had a couple of idiosyncrasies, but it was a great tool. It does not seem to be available for download however. I'm in the process of checking with SAP to find out its final status. Let's hope it has not gone to that big bit bucket in the sky!
Lately I've been using the Apache Directory Studio as my LDAP Browser. It's a great multi-platform tool that is Java based and available for Windows, Linux and Apple OS X. One of the things I like most about this application is that it is also an LDAP editor which is nice for tweaking data when doing testing.
Hope you enjoy it too!
Tuesday, October 14, 2008
IdM and the Economy
I observed two comments on the recent issues in the economy and its relationship to IT initiatives.
The first was from FOX Business which I was watching during lunch today. As they were reviewing the tech stocks one of the panel said something along the lines of, 'with diminished income, companies won'y be buying a new PC for your desk this year' (paraphrased)
When will the business folks get it through their heads that there is more to IT than the computer on their desks! I mean really, even more than email, firewalls and antivirus.
IT provides some essential services for the company that can provide a definite return, either in a direct return on investment or by avoiding fines and penalties through maintaining compliance and security standards.
One person that seems to get this is Ash Motiwala. In his blog entry today, Selling Identity in an Economic Downturn, Ash hits on this directly. It's not that you are spending money, but that you are achieving ROI and Compliance initiatives.
Let us look at ROI, when we don't have to have Network, Database and Application administrators creating and modifying accounts, they can be focusing their attention on making sure their areas of responsibility are working properly. When workflows are processed automatically (save approval actions) There's no need to have admins creating badges, modifying building access, and asking what kind of equipment each employee is supposed to have. Let all of these people do what they are supposed to be doing.
Compliance is another area. Let's face it, compliance is getting more complicated and sprouting up everywhere. Government realizes that charging fines and other penalties are a great way to make money, so there's a lot of attention here. In a time of data loss and identity theft showing adherence to Compliance and other areas of Risk Management are a selling point from a company to its customers, making Identity Management initiatives even more important than ever.
The first was from FOX Business which I was watching during lunch today. As they were reviewing the tech stocks one of the panel said something along the lines of, 'with diminished income, companies won'y be buying a new PC for your desk this year' (paraphrased)
When will the business folks get it through their heads that there is more to IT than the computer on their desks! I mean really, even more than email, firewalls and antivirus.
IT provides some essential services for the company that can provide a definite return, either in a direct return on investment or by avoiding fines and penalties through maintaining compliance and security standards.
One person that seems to get this is Ash Motiwala. In his blog entry today, Selling Identity in an Economic Downturn, Ash hits on this directly. It's not that you are spending money, but that you are achieving ROI and Compliance initiatives.
Let us look at ROI, when we don't have to have Network, Database and Application administrators creating and modifying accounts, they can be focusing their attention on making sure their areas of responsibility are working properly. When workflows are processed automatically (save approval actions) There's no need to have admins creating badges, modifying building access, and asking what kind of equipment each employee is supposed to have. Let all of these people do what they are supposed to be doing.
Compliance is another area. Let's face it, compliance is getting more complicated and sprouting up everywhere. Government realizes that charging fines and other penalties are a great way to make money, so there's a lot of attention here. In a time of data loss and identity theft showing adherence to Compliance and other areas of Risk Management are a selling point from a company to its customers, making Identity Management initiatives even more important than ever.
Whitepaper now available
Just a brief update, white paper Strategies for Creating an Authoritative Store, is now available from the SECUDE Global Consulting Website.
The paper is intended to be a discussion of creating an Authoritative Store for use in an Identity Management Infrastructure. It provides a good starting point for those considering implementing or revising their IdM landscape.
Please stop by and download a copy. I would be interested in hearing your thoughts either here or on the SGC Blog.
The paper is intended to be a discussion of creating an Authoritative Store for use in an Identity Management Infrastructure. It provides a good starting point for those considering implementing or revising their IdM landscape.
Please stop by and download a copy. I would be interested in hearing your thoughts either here or on the SGC Blog.
Tuesday, October 07, 2008
The Center for Applied Identity Management Research
The Center for Applied Identity Management Research should be something interesting to watch in the future.
As they say in their mission statement:
Looking over their list of current partners, I see business, finance, government, but not a lot of involvement from the Identity Management community (IBM and Lockheed Martin were the only large organizations) and I did not see mention of other large players such as Sun, Novell, Oracle and ca.
It sounds like they are more concerned with identity theft, homeland security, privacy and other issues. I'll be interested in seeing what they have to say as the Center grows and matures. They also promise to do research and publish.
As they say in their mission statement:
The mission of CAIMR is to meet current and future identity management challenges impacting individuals, public safety, commerce, government programs, and national security, through a multi-disciplinary applied research agenda aimed at providing pragmatic solutions and incorporating the perspectives of key academic, governmental, and commercial entities.
Looking over their list of current partners, I see business, finance, government, but not a lot of involvement from the Identity Management community (IBM and Lockheed Martin were the only large organizations) and I did not see mention of other large players such as Sun, Novell, Oracle and ca.
It sounds like they are more concerned with identity theft, homeland security, privacy and other issues. I'll be interested in seeing what they have to say as the Center grows and matures. They also promise to do research and publish.
Thursday, October 02, 2008
Two articles worth reading on IdM.
I read two interesting articles on different topics today and wanted to comment on both.
The first article is simply called "Identity Management" and appears on the Nextgov website. This was a very nice high level introduction to what happens in Identity Management. Just when you get to the point of "I've heard all of this before," it turns around and goes into a quick discussion of US Government requirements for Identity Management technology, particularly in light of Homeland Security Presidential Directive-12, which sets Identity and Access Management standards in the Executive branch of US Government. There are those who feel that this level of security is an excellent blueprint or at least inspiration for how private sector security should be executed.
The second article comes courtesy of the perspectives in the United Kingdom. In the article "Treat data like cash and the leaks will cease" the author, John Higgins makes a point that I think is long overdue. We do not put the same emphasis on data, particularly Identity data that we put on other parts of business and day to day transactions. It's such a basic observation in our field, and one I'm surprised has not been made before. Given recent lapses maybe it is time we started looking at how we treat data a little more carefully. I think it can put legislation like SOX in a whole new light. It might also be something to make us think again about how we make our business case for Identity Management and GRC solutions in the Private Sector.
The first article is simply called "Identity Management" and appears on the Nextgov website. This was a very nice high level introduction to what happens in Identity Management. Just when you get to the point of "I've heard all of this before," it turns around and goes into a quick discussion of US Government requirements for Identity Management technology, particularly in light of Homeland Security Presidential Directive-12, which sets Identity and Access Management standards in the Executive branch of US Government. There are those who feel that this level of security is an excellent blueprint or at least inspiration for how private sector security should be executed.
The second article comes courtesy of the perspectives in the United Kingdom. In the article "Treat data like cash and the leaks will cease" the author, John Higgins makes a point that I think is long overdue. We do not put the same emphasis on data, particularly Identity data that we put on other parts of business and day to day transactions. It's such a basic observation in our field, and one I'm surprised has not been made before. Given recent lapses maybe it is time we started looking at how we treat data a little more carefully. I think it can put legislation like SOX in a whole new light. It might also be something to make us think again about how we make our business case for Identity Management and GRC solutions in the Private Sector.
Subscribe to:
Posts (Atom)
