Tuesday, January 17, 2012

The Necessity of Identity Management

Over the past couple of months we have posted a stream of blogs, articles, videos, and reviews discussing various facets of Identity Management. However, we recognize that a simple overview of the essentials of Identity Management has been missing, and its value should not be lost to confusion. That is why this week’s blog post covers the necessity of Identity Management and breaks it down to its core values.

Identity Management is a powerful tool that can consolidate even the largest corporation.  With the rising number of credentials that employees need to maintain, it is becoming increasingly difficult to keep track of user accounts for each application within an organization.  Studies have shown that employees (both past and present) pose a great threat to an organization; even more so if they leave on bad terms.  Several questions then arise:  What applications did this user have access to?  How many user accounts did the user own?  How is this data maintained?  And lastly, who is responsible for removing or disabling the accounts?  For organizations without a central solution for dealing with a user’s application accounts, the time it takes to identify and remove these accounts can vary greatly, often leaving a window of vulnerability open.

That’s where Identity Management solutions come into play.  With Identity Management, administrators within an organization can control access to resources with the click of a button.

In a simple example, an organization has two resources where users exist:  the first is a directory service and the second is a database.  The directory service is used to authenticate users against the machines they work on; it also grants them certain permissions based on their group membership within the directory.  The database is a billing system where users simply exist, but administrators can view and manipulate data regarding payments for employees.  Each of these resources requires its own user account for authentication, meaning the credentials can vary between the directory service and the billing database.  If a user joins this organization, who determines the username and password associated with the applications?  How are these two resources connected?  In our simple example, it is easy to maintain a list of users and their accounts by hand.  Now, throw in a mailing system, two terminal emulation applications, software for marketing, a help-desk solution, et cetera.  The list goes on as a company expands, and maintaining that list, which originally consisted of two applications, grows increasingly difficult.

With an Identity Management solution, the process of creating, maintaining, and removing accounts is completely centralized.  How is this accomplished?  An Identity Manager can connect to any resource within an organization using customized code, known as connectors.  These connectors allow the identity representing an employee from within the Identity Manager itself to be provisioned to target applications, connecting the IDM user object with the application user objects.  With an IDM (Identity Management) solution, administrators can standardize the naming of user accounts, based on the resource the user is being provisioned to.  For example, some applications may have a first initial/last name convention, while others have a first name/last name convention.  With an IDM, this customization can be supported while providing the necessary consolidation.

The process for provisioning varies drastically between resources, as each requires different information from the user in order to function properly, and the user object within IDM is completely customizable to account for this.

What if an account is created within an application, but not in the IDM?  The connectors can be configured to account for that.  Through the process known as reconciliation, IDM can actively scan for new accounts in an application and then add them to its own collective list of identities.  With both provisioning and reconciliation enabled, organizations can enjoy bidirectional synchronization between an Identity Management solution and its connected applications.  Organizations can also enforce unidirectional synchronization by disabling reconciliation or provisioning for certain applications, as they see fit.
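The reconciliation pass described above, sketched as an added example for the post's two resources (a directory service and a billing database); it is not code from the original post or from any IDM product. It goes slightly beyond the text by also flagging accounts that still exist for employees who have left, and it reports unknown accounts for review rather than adding them automatically. All names, naming rules and sample data are constructed assumptions.

```python
# Added illustration: identities, account names and resources are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    first: str
    last: str
    active: bool  # False once the employee has left the organization

# Hypothetical per-resource naming conventions, following the post's examples.
NAMING = {
    "directory": lambda i: f"{i.first[0]}{i.last}".lower(),  # first initial + last name
    "billing": lambda i: f"{i.first}.{i.last}".lower(),      # first name + last name
}

def reconcile(identities, resources):
    """Compare accounts found in each resource with the central identity list.

    Returns a sorted list of (resource, account, finding), where finding is:
      'orphan'  - account exists in the resource but maps to no IDM identity
      'disable' - account belongs to an identity marked inactive (a leaver)
      'missing' - an active identity has no account in the resource
    """
    findings = []
    for resource, accounts in resources.items():
        expected = {NAMING[resource](i): i for i in identities}
        for account in accounts:
            owner = expected.get(account.lower())
            if owner is None:
                findings.append((resource, account, "orphan"))
            elif not owner.active:
                findings.append((resource, account, "disable"))
        present = {a.lower() for a in accounts}
        for name, ident in expected.items():
            if ident.active and name not in present:
                findings.append((resource, name, "missing"))
    return sorted(findings)

# Constructed sample data: the central identity list and what each connector found.
IDENTITIES = [
    Identity("Alice", "Nguyen", True),
    Identity("Bob", "Ortiz", False),  # has left the organization
    Identity("Carol", "Smith", True),
]
RESOURCES = {
    "directory": ["anguyen", "bortiz", "csmith"],
    "billing": ["alice.nguyen", "bob.ortiz", "svc_reports"],
}

if __name__ == "__main__":
    for finding in reconcile(IDENTITIES, RESOURCES):
        print(finding)
```
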

One last feature, and probably one of its greatest, is the ability to allow users to request access to the connected resources.  By creating approval workflows, an organization can designate the IDM as its focal point for requesting access to resources.  Approval workflows can be enforced per resource to ensure that once a request is raised, designated approvers receive the information regarding the request and can approve or deny it accordingly.

An Identity Management solution is essential for companies that are experiencing problems with maintaining user accounts across applications.  It offers a single point of control that allows for the provisioning and de-provisioning of user accounts to or from any connected resource.  It also grants employees a central place to go to request access to these resources, allowing for designated individuals to approve or deny the request before access is granted.  The issues of granting a new user access to all of their necessary resources, and removing a user’s access from resources when they leave the organization, can all be solved by a click of the mouse through the central platform of Identity Management.

I hope you all have found this article helpful.  If you have any questions regarding Identity Management, feel free to leave your comments here. I’ll be happy to answer any questions you may have.

 

Action Identity is a premier provider of Identity and Access Management solutions, offering solutions from distinguished partners like Oracle, Novell, NetIQ, ForgeRock, and Symplified to name a few. To learn more about Identity Management and a tailored solution for your company, please visit Action Identity’s website. To contact us directly, please click here

 

 


Tuesday, January 10, 2012

Google Apps for Business & the Cloud

 

Everyone working directly or indirectly with IT has heard the word "cloud" uttered numerous times over the last two years. The term can be defined in many ways depending on who you are talking to and what the context of the conversation is. One very simple definition relates to the idea of accessing a service that is not running on systems within an organization's data center(s). One such example is the idea of running traditional desktop software applications via the web browser. These applications could include: email, calendar, contacts, word processing, spreadsheets, slide presentations, and collaborative work on documents.

Over the last 15-20 years, Microsoft has had the vast majority of the market share with its Office and Exchange products. This required the Office software to be installed on each individual PC and the Outlook application to point to an Exchange server running within the organization's data center(s). With the steady increase in services being offered in the "cloud," other options are now available to customers. In February of 2007 Google introduced their version of running these applications in the cloud. During the last five years, over four million businesses have decided to implement "Google Apps for Business" as their methodology for running some or all of these applications.

When customers approach the end of their enterprise license agreement with Microsoft for Office and Exchange, they may consider moving to Google Apps for Business as an alternative. There are circumstances where Google Apps is potentially a perfect fit and there are circumstances where it may not be a viable option. Consider the following:

Potential Benefits for Migrating to Google Apps for Business:

* Email, Calendar, Contacts, Word Processing, Spreadsheets, Slide Presentations, Document Collaboration are all available in the web browser
* No ongoing maintenance of desktop software
* No servers necessary to maintain in the data center
* Enhancements are continually migrated into the product over time
* 99.9% "up time" Service Level Agreement (SLA)
* Complies with an SSAE 16 Type II audit
* Has achieved FISMA (Federal Information Security Management Act) certification
* 2 Step Verification available at no extra cost
* Supports employees who need to use a wide range of mobile devices, including Android, iPhone, Windows Mobile, and BlackBerry, for email as well as other applications
* Simple and predictable licensing model

Potential Reasons for not Migrating to Google Apps for Business:

* Spreadsheet "power users" will not have access to all the functionality they may be used to
* Outlook users who are used to certain features when connected to Exchange will either have to switch over to the web interface or be willing to go without certain features
* Technical support is limited via email and phone
* Certain organizations may require more than the 99.9% up time SLA

 

Google Apps for Business is not a perfect fit for all organizations.  It is a great option for some and not for others. What about your organization?  Would it work for you?  Why or why not?

 

To learn more about Action Identity and the services we provide, visit our website. To contact us directly, please click here

 


Friday, January 6, 2012

We're on YouTube!

We're on YouTube! Check out our collection of videos on the CJIS Mandate and HID Global's NaviGO product line!

 

To learn more about Action Identity, visit our website

To view our YouTube channel, follow this link

 

For more information on the CJIS Mandate:

Becoming Compliant with the CJIS Security Policy
CJIS Advanced Authentication Requirements and Microsoft Active Directory
The Benefits of Using HID to Secure your Company