Identity Management: What Solution is Right for You?

In April, C/D/H presented on identity management, specifically comparing Microsoft, Novell, Courion, Oracle/Sun, and IBM.

Download the slide deck for an overview of the solutions and their strengths and weaknesses. You'll also find out more about out-of-the-box vs. add-on functionality, integration capabilities, and rough cost comparisons.

And last but not least, the factors in determining the solution that's right for you.

Published in: Technology

  1. Identity Management, April 21, 2010
  2. Quick Facts
      • About Us
        – 20th Year
        – Grand Rapids & Royal Oak
        – 25 Staff
      • Approach
        – Vendor Agnostic
        – Non-reseller
        – Professional Services Only
      • Partnerships
        – Microsoft Gold
        – VMware Enterprise
        – Cisco Premier
        – Novell Platinum
        – Citrix Silver
  3. Expertise (PICA)
      • Project Management
      • Infrastructure
      • Collaboration
      • Access & Identity Management
  4. Overview
      • Specific focus on enterprise identity management
        – SMB session to be offered later
      • Discussion about what identity management is and what it involves
      • Project Approach and Planning
      • Market Capabilities and Trends
      • Vendor Comparisons and Overviews
  5. What is Identity Management?
      • User account creation, management, and cleanup
      • Attribute synchronization
      • Password synchronization
      • Password self-service
      • Delegated Management
      • Role Management
      • Single Sign On
      • Privileged User Management…
  6. What Identity Management Is Not
      • Not a replacement for application/system management tools (though it can minimize the need to use them)
      • Not a primary security enforcement tool (though it can help)
      • Not simple
      • Not cheap
      • Not able to solve world hunger
  7. Approaches
      • Rule based account sync
        – Very common first initiative
        – Actions based on established rules
      • Roles based provisioning
        – Role mining/analysis
        – Enterprise role modeling
      • Workflow system
        – Electronic forms and processes
        – Doesn’t require systems to be connected
  8. Balanced Approach
  9. Services Infrastructure
  10. Initial Approach
      • Get management buy in
      • Analyze systems, applications, and processes across business units
      • Determine the pain points
      • Determine the points of greatest risk
      • Determine compliance requirements
      • Determine desired process improvements
      • Review current skill sets
  11. Vendor Selection
      • Determine most suitable vendors
        – Previous analysis as basis
        – License agreements/Pricing
        – Granular yet scalable
      • Demo/POC environment
        – Get the vendors/partners (wink-wink) to help
        – Most can be completely virtual
  12. Vendor Selection Continued
      • Exercise/test/play
        – Feed it samples of current data
        – Build representative roles
        – Involve other business units
      • Helpdesk, HR, others
      • Workflow interaction
      • Role management and assignment
  13. Common Mistakes
      • Taking on too much at once
        – Important to take it slow at first
      • Failure to get upper management buy-in
        – Business processes will change
      • Scope creep
        – “Let’s add this one simple application”
      • Allowing requirements to go unchecked
        – Contributes to complexity and scope creep
      • Not taking the exceptions into account
  14. More Common Mistakes
      • Not changing business processes
        – Too many implementations just automate bad processes
        – Use the opportunity to revise processes
      • Expectation of immediate ROI
        – Initially many processes may be duplicated for a time
      • Failure to establish full testing plans
        – Automated testing preferred
  15. More Common Mistakes
      • Using the existing NOS directory as the central ID repository
        – AD/eDir is a file, print, and workstation management directory
        – It should be treated like all other connected apps/systems
      • Collapsing too much to a single directory
        – Allow apps to have their own directory
        – IDM allows easy management of separate directories
  16. Market
  17. Market Trends
      • User provisioning almost becoming a commodity – everyone does it
      • More emphasis is being placed on Roles and Governance, Risk, and Compliance (GRC) management
      • Data Leak Prevention (DLP) integration becoming more commonplace
      • Organizations tending to look at IDM more holistically
  18. Market Trends
      • Wizards, web GUIs, business process mapping tools, and “codeless” capabilities are reducing implementation times
        – Time to take a 2nd look
      • Greater integration with partnering technologies from other vendors
        – Role management products
        – SSO products
      • Many acquisitions changing the landscape
  19. Roles
      • Typically have multiple levels
        – Business roles
        – Permission roles
      • Entitlements/resources typically assigned to roles
      • Some can be 100% based on attribute values
      • Most should allow manual assignment with approvals
  20. GRC
      • What is it?
      • Governance
        – Establishing role and entitlement policies
      • Risk
        – Assigning risk factors to roles and entitlements
      • Compliance
        – Preventing unjustified access and proving it
  21. GRC Example
      • Risk levels are assigned to roles and entitlements
      • Increased scrutiny and monitoring applied to higher risk roles and entitlements
      • The risk levels of the roles and entitlements assigned to a person add up to a threat level
      • Increased scrutiny and monitoring of the user result from the increased threat level
  22. Vendor Comparisons
  23. Vendor Grid
  24. Enterprise Role Management Market (Forrester): Forrester Enterprise Role Mgmt - Feb 09
  25. Enterprise Role Management Market (Forrester): Forrester Enterprise Role Mgmt - Feb 09
  26. User Provisioning
  27. Vendor Overviews
  28. Microsoft
      • New release – FIM
      • Still way behind in the market, FIM won’t significantly change this
      • Still may be an easy choice for MS shops with limited needs
      • Can be cheaper than other solutions, but not on an apples-to-apples comparison
      • MS has stated that they want to become a leader in the market – will take much work
  29. Sentillion
      • Acquired by Microsoft
        – Still trying to figure out how to best integrate the technologies
        – Some of the technologies directly compete with FIM – what’s going to win?
      • Healthcare focused
        – Almost exclusively
  30. Novell
      • Continues to fight the “bad” reputation of their name
      • No concern over Novell’s viability
      • Extraordinary capabilities with limited coding requirements
      • Offers unparalleled platform flexibility
      • IDM 4 brings strong new capabilities to the mix – “game changers”
  31. Courion
      • A strong suite of powerful products
      • Focused specifically in identity management technologies
      • One of the earliest to offer SharePoint integration & management
      • Establishes partnerships and provides tight integration
      • Excellent rogue account management
  32. Oracle/Sun
      • Much FUD about what the merger actually means, not all is undeserved
      • Some integration has already occurred
        – Sun products being renamed to Oracle xx
      • Highly capable solutions
      • Deep development requirements
        – Do you have dedicated Java developers?
        – You’ll need more
  33. IBM
      • Shares top tier rating
      • Part of the Tivoli suite of products
      • XPRESS for simpler implementation
        – XML based
      • Like Oracle/Sun, requires pretty deep development for more complex functionality
      • Aggressive product pricing in IBM shops
  34. CA
      • Recently acquired Eurekify, an excellent role mining and management vendor
      • Uses Policy Xpress (sound familiar?) to simplify policy “development”
      • GUI workflow designer tool
      • Also fights a bad rep at times
      • Tends to ignore smaller engagements
  35. Other Vendors
      • Too many to list!
      • A number build on the Microsoft solution
      • Some show much promise
        – EmpowerID from The Dot Net Factory
  36. Solution Similarities
  37. Commonalities
      • Centralized identity repository
        – Identity Vault
        – Metaverse
        – ID Store
        – LDAP
      • XML
        – Config and settings files
        – Transaction documents
        – Rules and policies
  38. Common Claims
      • Agent-less
        – Usually means limited (AD API vs LDAP)
        – MUST have an agent (client or server) for password sync from an app/system
      • GUI Builders and Wizards
        – Meant to simplify development
        – Provide for basic functionality
        – Sometimes don’t go far enough (how do you extend?)
  39. C/D/H IDM Perspective
  40. C/D/H Experience
      • We help determine what IDM solution set and vendor is best based on the organization
        – Sync, SSO, reporting, monitoring
        – Existing relationships, budget, scope, skills
      • Clients from 250 to 250,000 users
      • Medium-large focus
        – Most clients in the 3,000-8,000 user range
  41. C/D/H Experience
      • Few in-house developers
        – Well established developer relationships utilized when needed
        – Focus more on business process planning
      • We like solutions requiring minimal development
        – Microsoft
        – Novell
        – Courion
  42. C/D/H Experience
  43. C/D/H Experience
  44. Thank You
      • Royal Oak: 306 S. Washington Ave., Suite 212, Royal Oak, MI 48067, p: (248) 546-1800
      • Grand Rapids: 15 Ionia SW, Suite 270, Grand Rapids, MI 49503, p: (616) 776-1600
      • www.cdh.com
      • (c) C/D/H 2007. All rights reserved
