One thing we know from history is that all things must come to an end, and for Sun Identity Manager that end comes roughly 14 months from now. It has been reported that the “path of least resistance” for replacing the “sun-setted” Identity Manager product will be Oracle’s version; however, just about every identity management vendor in the industry has jumped in claiming to be a better way to go. With more than a year before Sun sets, now would be a good time for an organization to investigate and identify a new identity and access management (IAM) solution rather than settling for one that might be more expensive or more maintenance intensive.
Here are some things to look for to find the right solution:
- IT Automation of Operations and Administration: The new solution should automate corporate password policy enforcement, IT service catalog user provisioning and account de-provisioning, access certification compliance management and identity intelligence. IT automation streamlines support operations and improves security, while also resulting in fewer governance risks and compliance aberrations
- Self-Service Password Reset: By giving business users flexibility and control over routine IT tasks, self-service password reset reduces help desk calls to free support staff for more strategic activities. By offering self-service provisioning and administration of user account provisioning, access provisioning, active directory group management and enterprise password management, the new Identity Management solution can be not only more secure, but also result in greater user productivity
- Identity mining and analysis: Most organizations already have multiple applications and services that maintain multiple user and resource lists. The solution chosen should create authoritative identity lists using from those resources that can then feed IT, business, and service management programs.
- Identity definition and user provisioning: With an authoritative identity list in place you need to simplify and automate the process of creating, refining, and provisioning user access to resources. Role creation and definition tasks should be distributed to individual team or business managers who best understand both needed access and user roles.
- IT Store Approach: Ideally, the solution should implement a service catalog approach that uses an internal “application store” that enables both managers and individual users to request new or updated access through a user-friendly, shopping cart style self-service portal tied to an automated approval management system. This encourages more consistent maintenance, which in turn increases overall security effectiveness while creating an audit trail of changes and approvals.
- AD Group Management: Obsolete or duplicate groups can clutter up authoritative identity lists and create both process confusion and operational inefficiency. As with identity definition, group management should be pushed out of IT and into business team management to ensure active update and regular maintenance based on business need and use. Group membership should be defined by rule sets whenever possible to help overcome an error-prone ad hoc process, and to enable reusable definitions based on validated roles and well defined business rules. This process should be tied to task automation to ensure that the results of those rule sets flow back into stakeholder applications such as HR or directory services for compliance review and clean up
- Access Governance Compliance Monitoring and Audits: Which specific events are monitored depend on specific standards and regulations, but it’s wise to have a solution that automatically captures all identity, resource and access changes. Comprehensive automated logging, alerting and reporting (both scheduled and upon request) provide audit trails mandated by law (SOX, HIPPA, GLB, et al) and as well as those needed for the edification of the organization itself.
- Enhanced Security at the Point of Identity Verification: The identity management solution should start with ensuring password security through periodic and systemic change/update, continue with increasing password strength according to corporate policy, and move into supplementary identity verification technologies such as biometric and token-based user validation—common access technologies for newer devices.
Just like you would not buy a car solely based on the recommendation of your last car salesman, do not settle for an identity management software simply because it is supposed to be the “path of least resistance.” What you’ll find if you don’t perform your due diligence in looking for a new identity and access management software is one that resists your path to IT security.
Watch the Avatier Identity and Access Management Time to Value Gwinnett Medical Center Customer Testimonial
Get the Top 10 Identity Manager Migration Best Practices Workbook
Start your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.
