Monday, September 17, 2007

The high cost of deploying entitlement management before role management

Network World

Security: Identity Management




Network World's Security: Identity Management Newsletter, 09/17/07

By Dave Kearns

My friend Howard Ting, senior director, product management and marketing at Securent, had an interesting commentary on my recent newsletter about the path your identity management services should follow (see “The long road to identity services”). He wrote:

“Interestingly, the push to deploy [entitlement management] is coming as much from the application developers and line-of-business [LoB] owners as it is from the security and compliance departments. In fact, I believe this is the primary source of our difference in viewpoints. While I agree to do “enterprise-wide” EM may require provisioning and role management to be in place, many LoB owners and developers simply can’t wait for their enterprise security teams to get their act together. They have new applications or services to roll out (or existing ones that need to be retrofitted) and they are buying EM solutions to secure access to these applications faster, cheaper, and easier. In these cases, the existence of an enterprise provisioning or role management solution is clearly not a pre-requisite.”

This hadn’t occurred to me, and I’m troubled to hear it. The phrase “cart before the horse” does occur to me. Now, I’m not expecting that Securent (or Aveksa, Sailpoint, Jericho or any of their other competitors) would object to going into an organization which doesn’t have normalized and synchronized identities, an electronic provisioning workflow and at least the rudiments of a role management system. But I would expect that those in the organization charged with the identity management task would raise some issues.

I’m not saying that there couldn’t be a positive effect, but it does seem like installing gold-plated faucets before actually running the plumbing from the city’s water line. You could install an open tank on the roof to catch rainwater, then use gravity to draw the water down through tubing to your beautiful faucet, but you’d be subject to periodic outages (when it didn’t rain) and the “product” might be too dirty to use at other times.

Trying to install entitlement management without the necessary and sufficient prerequisites and precursors will more than likely end up costing you additional money, additional time (to do manually that which should be automated), and, possibly, additional security holes. It really isn’t worth it.

Upcoming Events:

* Digital Identity Systems Workshop, Sept. 20, Polytechnic University, Brooklyn, N.Y.
* RSA Conference, Oct. 22–24, London, U.K.
* Interop, Oct. 22–26, New York, N.Y.

Check the upcoming events calendar at the Identity Management Journal and let me know of any I’ve overlooked.



Contact the author:

Dave Kearns is the editor of IdM, the Journal of Identity Management as well as a consultant to both vendors and users of IdM technologies. He's written a number of books including the (sadly) now out of print "Complete Guide to eDirectory." His other musings can be found at the Virtual Quill, an Internet publisher which provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail. Comments to this newsletter can be e-mailed to Dave here




Copyright Network World, Inc., 2007
