- Microsoft lays out SQL Server road map
- Credit card skimming
- Nortel's stock market capitalization plummets
- The Obama campaign's Search Engine to Nowhere
- Will Apple be forced to make more money?
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Can’t the auditors and the techies just be friends? Last week’s Network World story by my friend Ellen Messmer got picked up by many publications around the world which ran it under various different headlines, including this one by the U.K.’s TechWorld: “Auditors blame IT for botched identity management.” The original headline was “Survey: Half of compliance pros say their organizations botching identity, access control”, which is bad enough, but at least in that headline it wasn’t just the IT department taking the blame – it was the whole enterprise.
The survey, of audit and compliance professionals within enterprises, was conducted by the well-respected Ponemon Institute, and sponsored by SailPoint, an emerging leader in the field of governance, risk management and compliance. The report neatly complements a study done last spring which asked similar questions of IT personnel (see “User survey highlights difficulty of implementing regulatory compliance”).
Well, maybe “complements” is the wrong word – but the new study does reinforce what I saw as the main points of last spring’s survey: “Fragmented data, inappropriate tools, fragmented responsibility, lack of expertise leading to low priority for implementation – a classic recipe for disaster.” The IT people thought the audit people didn’t understand technology, now we learn that the audit people don’t think the IT folks understand compliance. Oh, and both groups do agree that the business people don’t understand either!
You should download a copy of the survey report and read the whole thing for yourself. But it does indicate to me that there’s some very fertile ground for vendors such as SailPoint (and Aveksa, and Securent and a bunch of others) to act as mediators, conciliators, go-betweens and arbitrators for the various parties within the enterprise that need to at least appear to cooperate when it comes to the extremely important area of compliance management.
Upcoming Events:
* The 1st International Conference on LDAP, Sept. 6-7, Cologne, Germany.
* The DataSharing Summit, Sept. 7-8, Richmond, Calif. (I’ll be at this one.)
* The Security Standard, Sept. 10-11, Chicago, Ill.
Check the upcoming events calendar at the Journal of Identity Management and let me know of any I’ve overlooked.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.

Ever since there have been stocks and shares there have been so called "pump 'n' dump" scams. This...
Spyware: Know Your EnemyLike Macavity, the fictional feline in T. S. Eliot's well-known poem, spyware may be considered to...
The Online Shadow Economy: A Billion Dollar Market For Malware AuthorsMalware, meaning computer viruses, trojans and spyware, is about money. The teenagers who wrote...

Microsoft SQL Server has enjoyed phenomenal success as a database server. Its relatively low cost,...
Minimizing the Risk of Information Security Breaches: Best Practices for SOA Governance and Compliance - Live October 21Today's enterprises face more information security risks and vulnerabilities than ever before....
Migrating to Windows Vista: Necessity and OpportunityThe Vista era of Windows is here. Yet most organizations will retain Windows XP alongside new Vista...

Discover why Unified Threat Management Firewalls are ready for the enterprise today. High...
The Evolution of Network SecurityWe have so many holes punched in our firewalls today that many industry insiders question the value...
The self-managed networkWe aren't there yet, but advances in network and systems management tools are making it possible to...
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment