SAN FRANCISCO – Compliance issues are moving the focus of identity management from administration of users and shifting it more toward access control and authorization to meet regulatory mandates.

The recognition of that shift was one of the highlights of this week’s Digital ID World conference, which is put on by Network World parent company IDG.

Identity management has not finished cutting its teeth on password synchronization, single sign-on, provisioning and privileges, but it is now more aligned with supporting access control, management, verification and authorization, according to Jamie Lewis, CEO of the Burton Group, who delivered a keynote presentation on the second day of the conference.

“Compliance has changed the landscape; it has changed enterprise identity management,” says Lewis. He says the foundation of identity management remains business processes and a supporting infrastructure but that the current trends suggest that users are focused on using those foundational elements for identity-based access control to systems and resources in accordance with company policies. In other words, to lock down access and log and audit such things as who is using their systems, when and what data they are accessing.

The trend has given rise to identity-based risk management, auditing and policy enforcement tools from vendors such as Aveksa, Sailpoint and Vaau.

Some users say the changes are contributing to a slowdown in the evolution of identity technology, which they say is not living up to original expectations, especially around federation.

Compliance is part of the slowdown, users say, but it is also caused by new user-centric identity models, which are fostering questions around where the true value lies in identity projects.

“We’re still at the beginning four or five years after we started,” said one IT architect for a Fortune 500 company who requested anonymity. “Progress is slower than anticipated and there is a lot of uncertainty. By this time we thought federation would be commonplace.”

Whitepapers

• Gene Kim's Practical Steps to Mitigate Virtualization Security Risks
• Selecting Effective Virtual Directories
• A Modern Approach to On-Demand Email and Data Security
• Best Practices for HP Servers and HP Enterprise Virtual Array in a Microsoft Exchange
• Compliance, Protection, Recovery: A Layered Approach to Laptop Security
• Endpoint Security: Data Protection for IT, Freedom for Laptop Users

View more SECURITY whitepapers

Webcasts

• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies
• Technical Overview of Exchange Server 2007 with HP Servers and Storage
• Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management On-Demand

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• Learn how to Keep your Mobile Workforce Connected
• The self-managed network

View more SECURITY special reports