NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT
09/05/05
Today's focus: Making a play for role-based ID management
Dear security.world@gmail.com,
In this issue:
* Role management as reviewed by Eurekify
* Links related to Identity Management
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by HP
Network World Executive Guide: The Evolution of Management
Technologies
With applications and infrastructures growing more sophisticated
and demanding, network and systems management technologies are
more critical than ever. Elevating their focus from bits and
bytes, these networked systems are being called on to close the
gap between IT and business services. Read about the future of
management, including BSM and emerging automation tools. Learn
about 'hot spots' and 'best products' in network management.
http://www.fattail.com/redir/redirect.asp?CID=112874
_______________________________________________________________
GAMBLING FORCES THE QUESTION: WHO CONTROLS THE 'NET?
A pair of Caribbean islands with a combined area about 2.5 times
that of Washington, D.C., and a population of about 68,000,
decided a while back to invest in Internet casinos as a way to
augment the tourist trade. Can the U.S. government prohibit U.S.
residents from partaking? Click here:
http://www.fattail.com/redir/redirect.asp?CID=112395
_______________________________________________________________
Today's focus: Making a play for role-based ID management
By Dave Kearns
Making a play for role-based ID management
Role management as viewed by Eurekify
By Dave Kearns
Last week, I let Bridgestream Vice President of Marketing Ed Zou
speak to you directly about the need for roles in an enterprise
identity project ( <http://www.networkworld.com/nldsv6344> ).
More to the point, Zou talked about the need for the business
side of the house to delineate and define the roles that are
important to the way the enterprise does business. Somehow, I
knew when I finished writing that piece that one of the first
people to respond to it would be Ron Rymon. Rymon is the founder
of Eurekify, often described as a "role mining" company (see
"Rules and policies vs. actual practice",
<http://www.networkworld.com/nldsv6345> ). Here's what Rymon had
to say:
"First, I totally agree with Ed's words. The identity management
scene has transformed in the past year or so, and most
sophisticated customers, integrators and vendors now realize
that role management is an essential piece of any identity
management project. In Eurekify's projects, we also find that
Ed's examples are very typical. Many customers start with a
'simple' [identity management project], and then realize that
they should have invested more in the planning and preparation
phase, and this is especially true in the areas related to role
management. To Ed's observations, I would like to add a few more
that we have discovered in the 2-3 years that we are working in
this new and emerging market."
Rymon went on at great length to elaborate on role mining as a
tool to use in conjunction with top-down role definition. The
major point he made was that in most organizations it is close
to impossible to create roles with only an authoring tool and a
business-analysis approach. You also need to "mine" existing
privileges in order to arrive at role definitions that reflect
your actual business practices. He noted that this bottom-up
approach does not replace top-down and business analysis, but he
believes the role-engineering project can only succeed if the
two are combined.
He added that an investment in role management can quickly pay
off in the compliance area, one of today's hotbeds of identity
management activity. He noted that if you structure good
business roles, you can easily state the business process
constraints, such as segregation of duty, access right
limitations, etc. In fact, in many cases the same
pattern-recognition technology can be used to automate
verification of compliance with policies and regulations even
before creating and approving the roles (the approval is what
usually takes longest if you really want to do it right and in
collaboration with the business unit). In the current
atmosphere, if your project can help the organizational
compliance project (and don't tell them it took you very little
time), your project will score big with top management, and
needless to say will help you when you need more support during
a very hard identity management project.
A major side effect of role-mining, according to Rymon, is
"privileges cleanup." Eurekify often finds that on average 30%
to 40% of the privileges already granted are wrong, ad-hoc,
outdated or otherwise unnecessary. He concluded, "I would like
to applaud Ed's article, and to urge identity management
managers to seriously consider role management issues when they
consider their identity management implementation. Our
role-based management slogan now is: 'Survey, Plan, Deploy and
Comply', which we believe is the best way to go about
implementing identity management in large organizations."
So there you have both sides of the coin - which, I'm willing to
bet, has many more than two sides! In fact, HP Director of
Strategy Archie Reed chimed in right behind Rymon to say much of
the same while adding that he felt that HP's "services" approach
"...allows business analysts/managers to determine how back-end
'stuff' (IT roles, resources, associated policies) are to be
offered to business users (customers, partners, employees,
contractors, other services, etc)."
Role-based identity management: It's still evolving but it is
what you need to be implementing in your organization. We'll
highlight more on role-based identity management in future
issues.
The top 5: Today's most-read stories
1. VoIP rollouts generate heat, power concerns
<http://www.networkworld.com/nldsv6203>
2. Cell carriers tackle Katrina damage
<http://www.networkworld.com/nldsv6346>
3. 2005 salary survey <http://www.networkworld.com/nldsv3879>
4. Google dives deeper into networking
<http://www.networkworld.com/nldsv6199>
5. Katrina news <http://www.networkworld.com/nldsv6347>
Today's most-forwarded story:
Cell carriers tackle Katrina damage
<http://www.networkworld.com/nldsv6348>
_______________________________________________________________
To contact: Dave Kearns
Dave Kearns is a writer and consultant in Silicon Valley. He's
written a number of books including the (sadly) now out of print
"Peter Norton's Complete Guide to Networks." His musings can be
found at Virtual Quill <http://www.vquill.com/>.
Kearns is the author of three Network World Newsletters: Windows
Networking Tips, Novell NetWare Tips, and Identity Management.
Comments about these newsletters should be sent to him at these
respective addresses: <mailto:windows@vquill.com>,
<mailto:netware@vquill.com>, <mailto:identity@vquill.com>.
Kearns provides content services to network vendors: books,
manuals, white papers, lectures and seminars, marketing,
technical marketing and support documents. Virtual Quill
provides "words to sell by..." Find out more by e-mail at
<mailto:info@vquill.com>
_______________________________________________________________
This newsletter is sponsored by HP
Network World Executive Guide: The Evolution of Management
Technologies
With applications and infrastructures growing more sophisticated
and demanding, network and systems management technologies are
more critical than ever. Elevating their focus from bits and
bytes, these networked systems are being called on to close the
gap between IT and business services. Read about the future of
management, including BSM and emerging automation tools. Learn
about 'hot spots' and 'best products' in network management.
http://www.fattail.com/redir/redirect.asp?CID=112873
_______________________________________________________________
ARCHIVE LINKS
Archive of the Identity Management newsletter:
http://www.networkworld.com/newsletters/dir/index.html
_______________________________________________________________
FEATURED READER RESOURCE
VoIP
For the latest in VoIP, check out NW's Research Center on this
very topic. Here you will find a collection of the latest news,
reviews, product testing results and more all related to keeping
VoIP networks performing at their best. Click here for more:
<http://www.networkworld.com/topics/voip.html>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2
International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES
To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>
To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>
Subscription questions? Contact Customer Service by replying to
this message.
This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________
Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>
Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772
For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>
Copyright Network World, Inc., 2005
No comments:
Post a Comment