Identity and Access Management

Aug. 25, 2007 - PRLog -- The efficient management of identity and associated access control issues needs to be of pressing concern for all security-conscious organisations, irrespective of their size or business focus.

This report looks at how I&AM protection technology can be utilised to support the operational need of the business and its users. Business success and the efficiency with which successful organisations drive the delivery of their operational services is empowered by the availability of information - providing the right information to the right people at the right time - but the most significant challenge that all organisations face today is one of maintaining control. There is a need to build trusted environments where the identity of each user can be proved before access rights are granted. These must be environments where customers and citizens can gain on-request access to personal and account information, without running the risk of falling prey to identity theft; where employees are able to gain unencumbered access to corporate networks, systems, and applications, irrespective of where their chosen place of work happens to be; and where business partners and suppliers can be provided with certified access channels to collaborative information sources.

Today we have a situation where business needs to improve and more effectively control the way that it manages and protects its information. From a technical stand-point most of the information that needs to be protected is collected, stored, and made available electronically from within public and private sector computer systems. A vast amount of this information is openly available on demand, but other more sensitive corporate information, whilst still available to the right requestors, requires more qualified access and protection rules. In the main, it is this second type of information that must have adequate security and authentication rules and policies applied each time information users demand access.

Therefore, without the ability to streamline, manage, and control identity, organisations leave themselves extremely vulnerable to a wide range of internal and external threats. Good quality Identity and Access Management (I&AM) acts as a corporate policeman, it determines rights of passage, directs the traffic flow by enabling authorised users to get access to business information, but essentially it provides all the locks and keys to corporate systems and networks. Our view is that the role of I&AM in support of the business and its users is to effect a balance between systems and information protection and the operational needs of the organisation. The locks need to be secure enough to make unauthorised access difficult to achieve, but at the same time the keys must allow smooth and easy access when authorised entrants come calling.

Each individual organisation will have its own specific identity-based protection requirements, and in addition, across specific business sectors there will be a number of common systems and information protection issues. However, I&AM provides a number of core technology components which for the purposes of this report are detailed below:
Identity Management: Controls the use of directory (LDAP) and meta-directory management facilities.
Authentication Technologies: Provides support for single- and multi-factor authentication.
Password Management and Systems Synchronisation: Is used to control the frequency, content, and structure of passwords, and to provide self-service capabilities.
SSO: Delivers one of the key integration layers of I&AM.
Access Control: Web and enterprise access control is a key component of enterprise I&AM.
Provisioning and De-provisioning: Provides the capability to deliver role-based provisioning, individual provisioning, group and departmental provisioning, and appropriate de-provisioning capabilities.
Administration and Policy Management: Delivers federated and delegated administration facilities, linking through to policy- and regulatory compliance-based requirements.
Performance and Scalability: I&AM has to be driven by a delivery model that is capable of providing service irrespective of traffic flow volumes.
Additional Information

Key Findings :
Identity and Access Management (I&AM) lays the foundations for the building of a trusted environment. Butler Group believes that it is essential that companies move to an identity-centric approach, where the focus is on authentication to reduce risk, rather than relying on the current mechanisms of perimeter control and detection.
The move to Internet-based business processes and a collaboration framework means that it is not a question of if, but when, enterprises must implement integrated security solutions that are based on the principles of identity and trust.
I&AM solutions must relate clearly to business requirements, and avoid the nightmare scenario where users are hindered rather than empowered by the technology.
The goal for I&AM is to deliver that balance between the needs of authorised users for open information access and enterprise information privacy.
The most significant challenge that all organisations face today is one of maintaining control. There is a need to build trusted environments where the identity of each user can be proved before access rights are granted.
Good quality I&AM acts as a corporate policeman - it determines rights of passage, directs the traffic flow by enabling authorised users to have access to business information, but above all it provides the locks and the keys to corporate systems and networks.
Identity theft is at an all time high; companies must use secure authentication techniques to ensure that customers that transact business on-line are not exposed to additional risk.
Business has struggled to get real value from I&AM because it is still seen as a protection commodity, deployed to deal with specific security issues, rather than as an enabler of business services.
Organisations dealing with sensitive information can no longer get away with insecure, password-based authentication. Compliance obliges organisations to prove that adequate levels of protection are being applied.
Table of Contents :
Section 1: Management Summary
1.1 Management Summary

Section 2: Business Issues
2.1 Report Objectives and Structure
2.2 Safeguarding and Enabling Business Systems
2.3 Dealing With the Management of Identity
2.4 Examining Vertical Business Issues - I&AM Business Requirements
2.5 Operational Case Studies

Section 3: Technology Issues
3.1 Identity Management Technology
3.2 Authentication Technologies
3.3 Password Management and Systems Synchronisation
3.4 Single Sign-on
3.5 Access Control
3.6 Provisioning and De-provisioning
3.7 Administration and Policy Management
3.8 Standards Bodies and Standards in Practice

Section 4: Architectures and Models
4.1 Building an Effective I&AM Strategy
4.2 Architecture - The Butler Group Model for I&AM
4.3 Deployment - Delivering a Successful I&AM Strategy

Section 5: Market Issues
5.1 Market Analysis
5.2 Market Drivers
5.3 Market Direction

Section 6: Tables
6.1 Butler Group Identity and Access Management Features Matrix
6.2 Butler Group Identity and Access Management Product Capability Diagrams
6.3 Butler Group Identity and Access Management Market Lifecycle Ratings

Section 7: Vendor Comparisons
7.1 Product Comparisons
7.2 Comparison of Vendor Strategies


For more information kindly visit: http://www.bharatbook.com/detail.asp?id=22517

Website: www.bharatbook.com