- Related Stories
-
Open-source identity projects connect with Microsoft
January 28, 2007 -
Microsoft pitches InfoCard for businesses
September 13, 2006 -
Symantec eyes ID management
May 8, 2006 -
HP to acquire identity management firm
November 30, 2005 -
The hottest business you never heard of
May 18, 2005 -
CA to launch identity management tools
March 2, 2005 -
CA to buy Netegrity for $430 million
October 6, 2004 - Related Blogs
-
Identity technology finally makes its mark
September 15, 2006
"We need to have a much more well-defined process for IAM (identity and access management), with architectures, controls and processes," Ant Allan, vice president of research at Gartner, told attendees of a recent conference in London on identity management.
While there has been a tendency to treat such problems as primarily a technological issue, and focus on how to integrate identity management into existing applications and systems, effective access management has a much broader impact, Allan said. "IAM is more and more about business issues as much as it is about security issues. You have to reflect the business controls and processes in your IAM controls and processes."
Another recent challenge has been an increasing emphasis on ensuring that staff members actually are who they claim to be, an issue that is receiving increasing prominence as global employment patterns shift.
"Before you create identities on your information systems for people, you need to establish who they are in the real world," Allan said. "We're seeing an increased focus on identity-based networks."
All this may see identity management shift from a technology manager responsibility to that of higher, C-level executives. "IAM is not something you can relegate to a low-level administrative task," Gartner's Ray Wagner noted.
Merely setting up efficient systems remains troublesome, if the typical queries received by Gartner itself are any indication. In the first quarter of this year, the most common queries from clients related to basic issues of user provisioning and authentication, Wagner said. Provisioning alone accounted for almost a quarter of queries.
One reason for increased interest in IAM is the increasing interest fiscal and legal regulators are taking in the systems used to control information access.
"Regulators want to see controls in place, and they want to see that you can show them you have controls in place," Allan said.
Effectively delivering that will probably require multiple categories of software, with Gartner singling out administration and access, verification, authentication and auditing as crucial roles.
"You don't need every kind of tool there is on the market, but you probably need more than one of each category," Allan said.
Angus Kidman of ZDNet Australia attended the Gartner Identity & Access Management Summit.
- More from News.com on this story's topics
Authentication and encryption
See more CNET content tagged:
access management,
identity management,
Gartner Inc.,
identity,
query
Unlimited long distance $24.99/mo
Whether it be access to a firmware upgrade, reserving a meeting room, even filing a complaint or asking a simple request from the IT department.
With proper smartcard + password management set into place... it's really no problem at all.
Deciding what requires such strict access may be a problem at first, but once ALL of the resources have been defined and whom can access which resource has been layed out... the only thing remaining is periodical confirmation that such access is continually required or not. Once a month or once every three month mandatory re-requesting should allow IT management to take back control of their network.
Walt
I think we?re going to see a move toward using monitoring devices to accompany IAM systems. Aside from role-based provisioning and access control, businesses need to track the activity of each user to ensure privileged users are not violating security controls or placing the company at risk. Monitoring will also help with continuous compliance measurement and improve the overall security posture.