We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

First Look

(Display Name not set)

Inside Gartner's Access and Identity Management Summit

Vote 0 Votes

Gartner's Research VP for Information Security and Privacy Ray Wagner doesn’t mince words when it comes to the current state of identity and access management.

Ray Wagner of GartnerIt is “an undocumented morass that doesn’t work well and is not very auditable.? It has also prompted Gartner to plan its first-ever summit on the topic. The Identity Access and Management Summit will be held from November 29 to December 1st in Las Vegas.

“Things like Sarbanes-Oxley and HIPAA and others have definitely driven an interest in doing a better job,? Wagner notes. “Today, a lot of organizations cannot easily develop a compliance report that says who has access to what in a reasonable amount of time and that’s a major problem.

“Plus identity management just isn’t efficient for a lot of organizations; if it takes a week for a user to get access to an application they need to do their job, that’s a week of lost productivity,? Wagner adds.

Wagner shared his ideas on how a company can justify IAM investments, define its ROI and minimize its cost.

“Automated password resets is one of those ways, and cutting out help desk calls for password resets, which tend to cost a fair amount of money and tend to occur on a relatively significant basis within enterprises.

But efficient IAM can also make for more efficient enterprises:

“When dealing with customers, suppliers, and contractors, you’re able to develop a better relationship often with these outsiders by knowing more about what they are in fact accessing within your enterprise,? Wagner notes. “And you can only do that by centralizing the practice of identity and access management.?

Wagner also detailed the following trends and solutions:

--The different compliance-driven IAM needs for companies in different verticals.

“Financial institutions need higher levels of authentication, while health and insurance companies need to protect privacy of communications. Relatively decentralized (and under-funded) educational institutions, on the other hand, are more open to open source technology.

--A welcome trend away from multiple IAM solutions:

“Rather than buying four or five different systems from four or five different vendors, you’d probably go to one single large infrastructure vendor who would offer you most of, or all of the functionality you’re looking for now. That’s been the big evolution over the past few years.

--Ways to leverage the network access control with IAM:

“Not only because not only do I want to check out the health of the PC that’s attaching to my enterprise network, but I might also want to see who is at the keyboard and in fact drop them into a sub-network that only has the resources they should only have access to. And I can get that information from my IAM system.?

Other trends include IAM’s and Web Services, strong authentication for identity management and personal identity frameworks – “the idea that individual consumers or individual users should have a little more control over their identity information.?

--IAM’s applicability to SOAs:

SOAs require “a representation of identity for the authorizer of the transaction … in order to order to attach this kind of identity information, you need some kind of a standard or format to do so and it turns out that identity federation standards are the best possible way to go about this process,? he notes.

--The role of user provisioning:

Within the identity and management access management framework, there are a couple of initiatives that area appealing involving user provisioning. User provisioning is a central facility within identity and access management; it’s relatively hard to do because you’re dealing with off-the-shelf applications and legacy applications which are not prepared to have a centralized identity management function and usually you have to do a lot of custom coding.

--And the role of emerging standards:

Service Provisioning Markup Language and Security Assertion Markup Language are both efforts at providing a framework for sharing of security information that will probably have significant effect in the security provisioning area in the next few years.

If this podcast has piqued your interest, you can find out more about Gartner's Identity Access and Management Summit set for November 29 to December 1st in Las Vegas by visiting http://www.gartner.com/us/iam.

For much more from Ray Wagner on identity access and management, listen to the entire 10-minute podcast. Download file

Join ebizQ producer Krissi Danielson for interviews with the innovators, movers and shakers behind emerging enterprise software solutions.Have a solution that qualifies? E-mail Krissi at krissi (at)ebizq.net

Krissi Danielson

Krissi Danielsson is a podcast producer with ebizQ and contributor to ebizQ's SaaSWeek site. View more

Recently Commented On