To IBM, identity management is bigger than big. IBM has always put a high priority on account control, and identity is inextricably linked to accounts. In the last few years, IBM has rounded out its identity management product offerings by making acquisitions, developing new products internally, integrated existing products, and forming partnerships.
At the same time, IBM is attempting to stay neutral and not require its customers to get locked into its own identity management products. The company is incorporating standards and supporting a range of directories, application servers, and databases.
IBM Goes Shopping for Identity Management
In mid-2000, IBM had a few loosely related identity and security products. In the approximately 30 months since then, IBM has invested in its directory services product, IBM Directory Server, filled in missing technology with acquisitions, and given its identity management effort a home in the Tivoli Division.
"IBM Tivoli Access Manager is a cornerstone of the play, with more customers and generating more income than other products in the suite," says Mike Neuenschwander, senior analyst with Burton Group, who issued a report in April 2003 titled, "IBM's Big Bet on Identity Management; Win by Breadth and Depth."
In 2002, IBM acquired two identity management companies: Metamerge, a maker of meta directories, and Access360, a provisioning company. Since then, IBM has been working to integrate the acquired products into the line and reduce overlap with existing products. "Customers have been griping a little about the integration issues," says Neuenschwander, acknowledging that prior to the acquisition, customers would have had multiple vendor relationships and completely separate products.
Joe Anthony, program director, security market management for IBM Tivoli, said the focus is on building a foundation for identity management within the enterprise. "It is typical for a large enterprise to have over 100 repositories for identities, in e-mail directories and applications," he says. "Where you are going to keep the authoritative source of identity information is the question."
The products in IBM's identity management line include:
- IBM Tivoli Directory Server: first released in 1997 as IBM eNetwork Directory, soon after Netscape released its directory server (now owned by Sun Microsystems). Directory Server was built atop Lightweight Directory Access Protocol (LDAP). It features multi-master replication and a browser-based user interface. The data store is a DB2 database.
- IBM Tivoli Access Manager: Built atop the IntraVerse product that IBM acquired from DASCOM in January of 2000. Tivoli Access Manager is used to authorize users to a range of systems, such as Web servers and applications. It helps comply with privacy and other government regulations by defining access policies, which can be audited. It can also define roles for users that incorporate the systems and functions users can access. IBM has more than 100 relationships with suppliers of software products that tie to Access Manager.
IBM Tivoli Directory Integrator: Built atop the Metamerge meta-directory product that IBM acquired in mid-2002. Directory Integrator is used to define an authoritative source for identity information. For example, the human resource application can be defined as the authoritative source for employee name, address, and home phone.
IBM Tivoli Identity Manager: Now based on the enRole provisioning product acquired from Access360, also in 2002. IBM scrapped the investment made in its homegrown product, also called Identity Manager. Work is ongoing to integrate Identity Manager with Directory Integrator.
IBM Tivoli Privacy Manager: An IBM-developed product used to grant access to certain records and databases, depending on the authority and job responsibility of the user. Privacy Manager is useful for proving compliance with government privacy and other regulations. It's based on the Platform for Privacy Preferences (P3P) specification of the W3C.
IBM Tivoli Security Compliance Manager: An IBM-developed product used to examine individual desktop and laptop computers for compliance to corporate policies on software and configurations. The server-based product allows administrators to maintain compliance without visiting individual machines. The product has its roots in IBM Global Services, which developed it from some of its engagements.
IBM Tivoli Risk Manager: An IBM-developed product that feeds information from identity management products into a single event console. The product can accept information from approximately 70 devices, such as Cisco firewalls.
This article was first published on Inside ID, a JupiterWeb and EarthWeb site. To read the entire article, click here.