Creating an identity management plan is like a game of Monopoly

* Dave discusses identity management with CA's Toby Weiss

I was talking with Toby Weiss from CA last week. He’s senior vice president of eTrust security management, the man responsible for the various identity management offerings from what is, arguably, the company longest in the field - at least if you trace their products’ lineage. We’d last spoken about 18 months ago, right after CA had acquired Netegrity. At the time, I worried that either CA’s traditional enterprise clients or Netegrity’s SMB-focused clients might feel short-changed by the merger. Weiss believed that CA could successfully merge the technologies while keeping existing customers of both companies happy. As I said then, “Time will tell.” And it has.

CA has, I think, successfully integrated Netegrity’s technologies while keeping most of its customers, both large and small, pleased. But we only looked at that in passing. Toby was more interested in talking about what I’ve referred to as “identity context” and he called “presence.” It seems that a number of customers had asked for more work in this area. Context-based access was one thing they especially wanted. That is, the things a user could access - as well as the rights of the user to those things - should vary based on the platform and location of the user. I’ve heard that from a number of vendors, but the next thing Weiss mentioned was new to me.

He said that some customers wanted identity attributes held in cache, but never written to disk. These “session only” attributes could change rapidly (think about a cell phone moving from tower to tower while you drive, for example) without a need to preserve a trail. But if the data isn’t written to disk, then it would be important to use a distributed, cache-only data store. Just the sort of thing that a directory built on solid SQL-database principles - like CA’s eTrust - can handle, and has handled for some time. As presence/location becomes more firmly enmeshed in the identity paradigm, this could be really important.

Toby also noted that CA is making great strides in healthcare fields with HIPAA-compliant session management, portable sessions (i.e., the data follows you from workstation to workstation) and policy-based access. HIPAA has changed healthcare identity and security much more than any other regulatory requirement has affected a single industry.

He also wanted me (and you, of course) to be aware that CA is Cisco NAC-enabling its products.

We also chatted about the industry in general and touched on the various other mergers and acquisitions. In talking about integrated suites vs. “best of breed” solutions, Toby brought up what I’ll call the “Parker Brothers” analogy. He said that putting together an identity management plan was like a game of Monopoly - you could have three properties from three different color groups, say Boardwalk, Marvin Gardens and St. Charles Place. Or, you could have the relatively low-rent Connecticut Avenue, Vermont Avenue and Oriental Avenue. The low-rent, light blue properties have a face value of $320 while the three from different color groups have a face value of $820. But any veteran player would want the $320 properties - because then you could build hotels on each (which you can’t do unless you own all properties in a color group). So even though the “face value” of a best of breed solution might be much higher than an integrated suite, Weiss contends that the suite will pay far higher dividends from its seamless connectivity. It’s an interesting analogy.


Copyright © 2006 IDG Communications, Inc.
