Security automation: The next wave


"The work it would take to automate provisioning of every combination of role and application boggles my mind," Deffet explains. "So we plucked the low-hanging fruit that we could get to quickly. It's not our ambition to get every piece of fruit off that tree."

Nextel set up four gross user roles - employee, contractor, business partner, customer - and automatically provisions access to resources common to all users within those roles. For example, resources allotted to the employee include LAN, e-mail, VPN and Internet access. In another year or so, Nextel says it hopes to develop more detailed attributes, such as department and job title.

For the second phase, which entails business partner self-registration, Nextel had to wait for its Web access control vendor, Netegrity, to adopt the Organization for the Advancement of Structured Information Standards' Security Assertion Markup Language (SAML). Nextel wanted SAML to support delegated administration, he says.

That phase rolled out late last year. Now Deffet's team is looking into ways it can use federated identity standards to give Nextel employees access to applications outsourced to its business partners.

Such is the pattern with all security automation, Garigue says. First you identify the risk, then develop standards and finally, you automate best practices. This pattern will repeat itself far into the future, particularly as companies deploy new data center architectures for distributed and service-oriented computing, he adds.

Radcliff is a freelance writer specializing in online safety and network security.


Copyright © 2005 IDG Communications, Inc.
