Tight ID mgmt. integration is your get out of jail free card

* Identity management products: Loosely aligned or tightly integrated?

Last week I recounted the "Parker Brothers" analogy from Toby Weiss, CA's senior vice president of eTrust security management. He said that putting together an identity management plan was like a game of Monopoly - you need all the properties (i.e., "applications") to be in the same color group (i.e., single-vendor suite) before you can build hotels (i.e., reap big ROI). That set off some speculation in my inbox as well as a lot of nostalgia as people reminisced about various Monopoly boards they've played on over the years - Collector's Paradise claims to sell more than 150 different ones!

When I said that the different properties in a color were like the seamlessly connected applications in an identity management suite, Brian Brannigan - that crack consultant from the land of Oz - jumped in to remind me that none of the color sets are "seamlessly" connected - Park Place and Boardwalk (or Park Lane and Mayfair as he called them) are separated by the tax square, for example.

It's true that I've seen (as I'm sure you have) "suites" that were only connected because the brand name was in the same font and color on the splash screen that comes up when they load. But there are other suites designed from the ground up to be separate, independent but interconnected modules of a larger all-encompassing identity management product. One good example, recently mentioned here, is AIMS - the Avatier Identity Management Server.

There's a third possibility besides the fully integrated suite and the "roll your own" best-of-breed concepts, illustrated by the announcement from Sun and SAP last week: tight integration of products from two independent vendors to deliver a better end result for the customer.

The partnership will combine the Sun Java System Identity Management Suite with SAP's Virsa Access Enforcer (recently acquired when SAP purchased Virsa). The combination is intended to give businesses a simple, effective way to control which employees have access to specific information stored across a company's entire IT infrastructure, regardless of what type or how many systems are deployed. This while also allowing organizations to identify and prevent real and potential security breaches, and create audits to demonstrate compliance - all completely automated and all in real-time.

Now Sun could have created such a product completely on its own (SAP could have, also, but that might have taken longer) but the tight integration might have been missing. Seamlessness and tight integration are important when you're trying to protect your assets - or comply with regulations in order to stay out of jail! Think about it.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

IT Salary Survey: The results are in