Vendors emphasize identity management at RSA conference, Part 1

When I went to RSA Conference 2005, I wrote that just about every vendor had sought for a way to tie its product to identity. This year’s RSA Conference, you could erase the “just about” because all the vendors had an identity “hook” to their products. The emphasis is still on the security side – using identity management to control access or administer policy – but it’s clear that identity is taking its rightful place as the core, or platform, for everything that’s “interesting” about computing.

If I tried to cover all of the identity management announcements at this year’s show, I’d need all the newsletters until the end of the year. Instead, I’ll give you some highlights, some opinion on the announcements and some links so you can explore further on your own. Hold on tight, here we go!

HP announced OpenView Select Audit, and new enhancements to OpenView Select Identity. Features of Select Audit include a visual control modeling framework, which provides a dashboard that maps compliance guidelines to IT audit controls; and a centralized audit system to prevent tampering of records with a digitally signed aggregation of every administrative action, user change, access request and authorization decision. The HP OpenView Select Identity 4.0 enhancements include further automation of change management and compliance processes – such as when systems and applications are added, upgraded or retired – and the ability for administrative duties to be segregated as needed. That’s worth a closer look.

Courion announced capabilities to its Enterprise Provisioning Suite to address role lifecycle management and segregation of duties, claiming a first for a self-contained product (others use third-party role management products). Because regulatory requirements impose a duty to manage the lifecycle of roles, Courion has adopted its user lifecycle management technology – which is necessary for its provisioning solutions – to roles. See for yourself at the Courion site if it’s smoke and mirrors or the real deal.

Reactivity, which describes itself as an XML security gateway company, introduced an Identity Insight add-on module for its suite of Reactivity XML Gateways. Identity Insight is used to ensure that Web services users comply with the privacy and data protection requirements of government and corporate regulations, while also managing the identity complexity in distributed XML-based systems. If Web services is your bailiwick, investigate this further.

PortWise, best known in the mobile industry, announced the release of PortWise 4.5 with a claim to bring proactive identity and access management (IAM) to the mobile enterprise. PortWise 4.5 provides strong authentication using mobile phones and PDAs for as little as $5 per user. Users can also employ the same mobile phone to provide a unique “digital seal” for high-value transactions further preventing the fraudulent use of an identity. The company claims it can comprehensively report on all aspects of IAM, both historically or in real-time. If so, it’s worth a look.

I’ll have more in the next issue.