Courion's compliance survey gets it right, but do the surveyed?

Identity Management This newsletter is sponsored by Arsenal Digital Solutions Data Protection: Preferred Strategies used by SMBs Data has become the most valuable resource that many companies own. Organizations of all sizes are actively searching for reliable, affordable solutions for data protection to help them with business continuity, disaster recovery, and compliance. The problem is especially acute for small and mid-sized businesses (SMBs), which typically lack the resources to add new technologies or manage the growing infrastructure required to deal with the problem. Click here to listen to this webcast which reveals the latest findings and trends! Network World's Identity Management Newsletter, 06/20/07 Courion's compliance survey gets it right, but do the surveyed? By Dave Kearns Courion last week, released the results of its survey looking into enterprise identity management. Many of the results of the poll, which was carried out at its recent Converge conference, were to be expected but there were one or two surprises. When asked about the greatest internal barrier to implementing an account provisioning strategy, “Prioritizing Business Processes to Start With” was chosen by 59% of the 150 respondents. “Time Required to Achieve ROI” fell by nearly half compared to last year’s survey, and “Difficulty Justifying ROI” fell from 32% to 24%. Why the drop in the ROI barrier? My thinking is that the increasing automation of the provisioning process – from set up to roll out to maintenance - has decreased the “I,” the investment, while speeding up the entire installation lifecycle thus making the ROI positive in a much shorter period of time. And once the ROI is positive, the bean counters won’t be nagging you any more. “Prioritizing Business Processes” is, I think, a euphemism and catch-all for the various “office political” problems that arise with almost every provisioning project. Those objections are much harder to overcome, and there is no technological solution. Securing Data in Any Format, Wherever It Goes InfoWorld's Enterprise Data Protection Executive Forum, June 26 in New York City, is the premiere event for IT professionals looking to streamline their data protection strategy. Best practices, tactical guidance, reviews of new security requirements, and success stories from the experts are all designed to help you secure your data in any format, wherever it goes.. Register today at http://www.EDPExecutiveForum.com Role management is becoming a more mainstream practice, as 65% of respondents indicated that they have either already begun implementing or are planning to implement role management solutions within the next 18 months. The surprise here, though, was that role management was cited by 28% of respondents as the No. 1 identity management solution with the greatest impact on compliance activities, followed by identity audit/attestation (26%) and user provisioning (25%). It’s numbers like this which make me wary of any survey. Actually, the survey is probably correct – it’s the respondents who have a problem. Folks, without audit there is no compliance. Attestation is required by some regulations so, again, there’s no compliance without it. Role management is useful for compliance, just as a fully functional provisioning system can make compliance monitoring easier. But if you don’t have attestation and especially if you don’t have audit, you aren’t in compliance, because you can’t prove you’re in compliance. That’s the bottom line. Events: Next week is the annual Catalyst Conference put on by the Burton Group. I’ll be there, and you should be too. If you see me – say “Hi!” and let me know what you want to hear more about.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. 'Italian job' Web attack hits 10K sites 2. The case of the 500-mile e-mail 3. Pressure's on IBM to forgive millions in IT debt 4. Linux Foundation: Microsoft won't sue 5. The dos and don’ts of data breaches 6. Feds choose 10 vendors to secure mobile data 7. Zenoss Core wins test of open source tools 8. Top 15 USB geek gadgets 9. 10 reasons why it’s good and bad to be HP 10. Juniper feels growing pains MOST-READ REVIEW: Open source management-tool alternatives hit the mark

Contact the author: Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill. Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com . Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. This newsletter is sponsored by Arsenal Digital Solutions Data Protection: Preferred Strategies used by SMBs Data has become the most valuable resource that many companies own. Organizations of all sizes are actively searching for reliable, affordable solutions for data protection to help them with business continuity, disaster recovery, and compliance. The problem is especially acute for small and mid-sized businesses (SMBs), which typically lack the resources to add new technologies or manage the growing infrastructure required to deal with the problem. Click here to listen to this webcast which reveals the latest findings and trends! ARCHIVE Archive of the Identity Management Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007