Sun Wants in on Access Management

With concern over internal data breaches and compliance growing, Sun Microsystems
today rolled out Sun Identity
Compliance Manager
to tackle these problems.

This offers role management by “building on Sun’s Identity Manager 8.0 announcement in
the summer, and it wraps in the role management capabilities they acquired from Vaau
earlier this year,” IDC research director Sally Hudson told InternetNews.com by
e-mail, referring to Sun’s purchase of the role management and identity audit vendor.

The news comes as insider breaches continue to pose a major security threat according to
security vendor RSA, which makes compliance, based on identity management, increasingly
important. In a study this month, RSA found that 43 percent of 417 attendees to industry
events had switched jobs internally, but still had access to accounts they no longer
needed. A total of 79 percent said their company employs temporary workers or contracts
who require access to critical organizational information and systems, while 37 percent
have stumbled into parts of their corporate network they believe they should not have had
access to.

Role management is critical to access control
and compliance. It “is becoming the buzzword du jour in identity and access
management ‘IAM’,” IDC’s Hudson said.

If managers find staff have access to applications they should not, Sun’s product lets
them initiate a request to correct this. Requests can be sent out automatically as part
of change management systems, user provisioning systems, or by e-mail, and Sun’s product
will track them, validate the correction and capture the associated audit trail.

Sun Identity Compliance manager also enables enterprises to define and enforce
segregation of duties, a key part of IT security. A simple example of segregation of
duties in business is implementing separate departments for accounts payable and accounts
receivable.

Controlling and managing access “strengthens security in the enterprise by removing
risk and/or outdated access,” Burton Group analyst Ian Glazer told
InternetNews.com by e-mail.

It was the failure to implement separation of duties that let rogue systems
administrator
Terry Childs
hold San Francisco’s fiber-optic wide area network hostage back in July
by replacing all the passwords with ones only he knew. The proper thing to do would have
been to have different people hold different passwords.

Sun’s product also includes an entitlements glossary, which enables business users to
display IT entitlements in easily understood business terms — important in helping
business managers understand the roles of their staff and approve or disapprove access
without having to refer back to IT.

The product also automates the controls and reporting associated with access, and lets
enterprises monitor changes in user access in real-time to maintain compliance and
mitigate potential business risks. Real-time monitoring of user access is crucial, as
many companies fail to close down old or unused accounts, leading to orphan accounts that can
be misused.

The Prize in IAM

The new launch could mean that Sun may be on to a good thing. Regulatory compliance,
both in the United States and worldwide, drives “about 75 percent of the overall IAM
market, which renders the market segment somewhat recession-proof,” Hudson said. Overall,
license and maintenance revenues for IAM totaled $3.1 billion exclusive of services in
2007, she said, adding that IDC forecasts that figure will exceed $5 billion by 2012.

But to capture a share of the market, Sun will have to take on some big names. The
market leaders in IAM software licensing and maintenance revenue are IBM, CA, Oracle and
Novell, in that order, Hudson said.

She added that Sun has “lost some ground over the past 24 months” against those
companies, but its new product could help it make up some of the difference.

Article courtesy of InternetNews.com

Latest Articles

Follow Us On Social Media

Explore More