IT administrators are increasingly burdened with the need to meet an ever-expanding array of compliance requirements. At the heart of many of those requirements is the critical need to understand user identity and access rights. It's a need that IBM claims to meet with its new Tivoli Identity Manager version 5 (TIM).
Chris Bauserman, IBM Tivoli security and compliance product manager, commented that TIM 5 expands on IBM's prior TIM releases by making it easier and faster to deploy. It also boasts improved methods to help IT administrators meet the compliance needs of the business.
“TIM 5 is a major step forward in bridging the divide between how business users and auditors can see access and how IT security groups can protect that information,” Bauserman told InternetNews.com.
Bauserman explained that TIM 5 starts by looking at an authoritative source, such as an HR system. TIM then takes that information and applies business policy to determine what access a user should have based on their business function. TIM then integrates with all the different directory systems and application access directories in an enterprise, and propagates and coordinates access rights with those systems.
New templates and best-practices content within TIM 5 give admins a standard business process for revalidating user access rights, Bauserman commented.
Fundamentally, TIM is about making access information meaningful to auditors and the business side of the enterprise.
“If you look at Active Directory, just the fact that there is an account doesn’t tell you what you can do with the account,” Bauserman said. “It comes down to the next level. Can I get access to a particular folder or resource that will let me see confidential information?”
With TIM, an auditor can see that a user has access to certain information and sign off on whether that access is acceptable. TIM 5 will also integrate with IBM Tivoli Insight Manager for compliance, which allows information in TIM to be compared with how access is used, against particular compliance requirements such as PCI and Sarbox.
Identity management and access control is a large market. In recent years, hype over Network Access Control (NAC) has created even more awareness of access control issues. NAC and TIM, as it turns out, may well be complementary approaches. Bauserman commented that many NAC implementations rely on an identity directory of some sort to authenticate users against.
“We can manage identities through the directory services layer for NAC,”
Networking giant Cisco is a leader in NAC technology and is also trying its hand at managing identity. Last week Cisco announced its TrustSec initiative, which, similar to TIM, is an effort to coordinate identity information from multiple sources into a cohesive enterprise-wide policy.
Cisco’s approach, however, relies strongly on the 802.1ae MACsec Ethernet security protocol for its transport layer.
Bauserman was unable to comment on the specifics of how TIM may compare against Cisco’s TrustSec. He noted that Cisco has been a partner of IBM’s for many years and that, from IBM’s perspective, the network is just one of the many endpoints at which users need to be managed by TIM.
Novell is another vendor that plays in the identity management and compliance space with the Novell Identity Manager 3.5 solution. Ivan Hurtt, product marketing manager, Novell Identity and Access Management, commented that Novell Identity Manager offers high levels of integration with event management, authentication and single sign-on, providing businesses with a robust solution for meeting governance, risk management and compliance initiatives.
“As the identity management market continues to mature, many vendors are coming up to speed with base functionalities; but Novell has many years of innovating its identity management solution for large businesses, while also providing advanced tools to streamline deployment for small to medium-sized businesses,” Hurtt said in an email to InternetNews.com.