Friday, February 12

Identity Governance is not One Size Fits All

I read an article this morning written by SailPoint's Darran Rolls titled How Identity Governance Solves the Compliance. Aside from my feeling that the title was either cut-off or misprinted, the article makes a lot of sense. Rolls writes:
The identity management landscape is changing. The need for stronger auditing controls is giving rise to identity governance tools that are supplanting ID provisioning solutions as the centralized management layer for identity.
and later makes the point that:
This ability to translate technical identity data into business-relevant context is a critical advancement from old-school provisioning technology.
Yes and Yes.

This is exactly what I've been spending my time on at NetVision. One difference though. Much of Rolls' article focuses on the topics of platform coverage and correlation. While our solution scales and is deployed well into the Fortune 500, most of the organizations we speak to are turned off by the complexity involved with integrating numerous platforms.

NetVision's focus is on core network systems - Microsoft and Novell. That's Active Directory or eDirectory, which hold network user accounts, security groups, and some other entitlements based on account attributes -- and the associated file systems, which are a breeding ground for unauthorized access of sensitive information. Our goal is to be simple and easy to use, with no requirement for in-house expertise on access rights. And we get results on day one.

I'm not trying to give a pitch. My point is that Identity Governance is important. But, it's not one size fits all. While some organizations are looking for the solution with the broadest range of platform coverage and are willing to accept the inherent complexity, many are looking for easy-to-use, simple-to-own solutions that cover core networking platforms.

Who Has Access to What? is the question of the year. Tools that enable you to audit, monitor, alert, and report on access rights are a must-have for driving down audit costs and improving your ability to answer that question. We're entering the next wave in Identity Management. And it's not a pie-in-the-sky utopia of federated identity with built-in governance (yet). It's real-world solutions for answering the question of year with zero effort.

4 comments:

Edward Killeen said...

This is something we're seeing more and more of as well. We view our software as an agent for change in Active Directory and our customers just aren't satisfied with the current crop of auditing solutions whose whole point is to satisfy that they have an auditing solution.

They want the information in the hands of users (group owners, managers, admins, etc) not just to have a couple of terabytes of data for an auditor to review.

Anonymous said...

matt,
great insight; like others we are seeing interest in sailpoint as a critical component of the total compliance solution.
how is netvision integrating with sailpoint?
regards,
joe

Anonymous said...

Matt-- I like what you've written here. As you point out, "who has access to what" is a critical question. Novell has made some great in-roads already to answering that concern. However, I think the next release of Novell Identity Manager 4 product will go even further. Guess we will have to wait for BrainShare happening in March to get a sneak peek at though! I can't wait!

Matt Flynn said...

Thanks for the comments!

Joe, if you have a minute, send me a direct note. They're definitely different solutions but we're both hitting at the same underlying business challenges.

Anon - We've been working closely with Novell on OES monitoring. And I've been hearing good things about NIM. ...look forward to hearing more.