Indentity management options boosted by RSA Security and Sun Microsystems
Firms wanting identity management systems have been given new options, as Sun Microsystems unveiled a system combining physical and IT access controls; and RSA Security upgraded its federated identity product with tools for easier deployment and management.
Sun has integrated its Java Systems Identity Management Suite with enterprise access specialist ActivIdentity's Card Management System. The vendor said the joint Sun-ActivIdentity system, available now, can automate the granting and revoking of access rights to physical and network resources.
The system lets IT managers consolidate multiple user-access credentials on a single smartcard, and can be audited to help firms achieve compliance with regulations and policies, said Sun.
Graham Titterington of analyst Ovum said that combining access controls for physical and IT systems is an increasingly popular approach, because it strengthens overall enterprise security and improves administrative efficiency.
"This sort of thing will gain traction in the industry," Titterington said. "If staff change roles or jobs, why do the [access registration] process two or three times when it will increase productivity if done in one fell swoop, so they can get on with their jobs quickly?"
Titterington added that when staff leave a company their logins are often not removed from all systems, which creates security vulnerabilities. "By merging [IT and physical security], it forces all changes to be done at the same time, so you get tighter security and more efficient administration," he argued.
Also last week, RSA released a new version of its Federated Identity Manager, promising IT administrators faster and simpler deployment, and easier management.
Version 3.0 includes a new browser-based graphical user interface, which will make it easier for companies with a large number of partner connections to manage identities, said RSA's product marketing manager, Carlo Cadet.
"We've spent a lot of time with administrators and also focused on deployment accelerators [including] a partner set-up wizard," Cadet said. "[This will] make it easier for administrators to deploy [the system] initially and then bring in partners over time."
The update, due in the second quarter, also supports the SAML 2.0 protocol. This means it can interoperate with a large range of third-party identity systems, RSA said. Titterington said the product would mainly appeal to large firms wanting to integrate diverse platforms – for example, after a takeover.
Advanced identity management systems could prove of particular interest to firms following publication of DTI survey figures last week, which indicated that 99 percent of UK firms are not implementing sufficient access management safeguards to prevent electronic ID theft.
Andrew Beard of PricewaterhouseCoopers, which led the DTI study, said few companies are strengthening and integrating their authentication, provisioning and authorisation systems because most firms merely respond to rules imposed on them rather than following good practices.
"Companies are being reactive rather than proactive," Beard said. "It's a small comfort that [identity management problems] were not much worse in the latest survey than they were in 2004, but although the incidents are relatively few, when they do happen they now have more impact."
Firms wanting identity management systems have been given new options, as Sun Microsystems unveiled a system combining physical and IT access controls; and RSA Security upgraded its federated identity product with tools for easier deployment and management.
Sun has integrated its Java Systems Identity Management Suite with enterprise access specialist ActivIdentity's Card Management System. The vendor said the joint Sun-ActivIdentity system, available now, can automate the granting and revoking of access rights to physical and network resources.
The system lets IT managers consolidate multiple user-access credentials on a single smartcard, and can be audited to help firms achieve compliance with regulations and policies, said Sun.
Graham Titterington of analyst Ovum said that combining access controls for physical and IT systems is an increasingly popular approach, because it strengthens overall enterprise security and improves administrative efficiency.
"This sort of thing will gain traction in the industry," Titterington said. "If staff change roles or jobs, why do the [access registration] process two or three times when it will increase productivity if done in one fell swoop, so they can get on with their jobs quickly?"
Titterington added that when staff leave a company their logins are often not removed from all systems, which creates security vulnerabilities. "By merging [IT and physical security], it forces all changes to be done at the same time, so you get tighter security and more efficient administration," he argued.
Also last week, RSA released a new version of its Federated Identity Manager, promising IT administrators faster and simpler deployment, and easier management.
Version 3.0 includes a new browser-based graphical user interface, which will make it easier for companies with a large number of partner connections to manage identities, said RSA's product marketing manager, Carlo Cadet.
"We've spent a lot of time with administrators and also focused on deployment accelerators [including] a partner set-up wizard," Cadet said. "[This will] make it easier for administrators to deploy [the system] initially and then bring in partners over time."
The update, due in the second quarter, also supports the SAML 2.0 protocol. This means it can interoperate with a large range of third-party identity systems, RSA said. Titterington said the product would mainly appeal to large firms wanting to integrate diverse platforms – for example, after a takeover.
Advanced identity management systems could prove of particular interest to firms following publication of DTI survey figures last week, which indicated that 99 percent of UK firms are not implementing sufficient access management safeguards to prevent electronic ID theft.
Andrew Beard of PricewaterhouseCoopers, which led the DTI study, said few companies are strengthening and integrating their authentication, provisioning and authorisation systems because most firms merely respond to rules imposed on them rather than following good practices.
"Companies are being reactive rather than proactive," Beard said. "It's a small comfort that [identity management problems] were not much worse in the latest survey than they were in 2004, but although the incidents are relatively few, when they do happen they now have more impact."
Share this page
Email this page
Back to Top
Home
Edit Post
0 comments: