Covering all your bases in a regulated industry

We last saw Vintela in this newsletter last month when I was talking about “superlablurbs” (see link below) and how it billed itself as “A leading provider of innovative platform integration solutions for Unix and Windows.”

In fact, Vintela is fast becoming a leader in the field of integrating Active Directory-based identity management into Unix and Linux. It turns out, though, that Active Directory wasn’t actually the catalyst for the company.

I spoke to Vintela’s CEO, Dave Wilson, and CTO, Matt Peterson, last week about their recent release of the Vintela Group Policy add-on to their Vintela Authentication Services package (see last week’s Windows newsletter for more details https://www.nwfusion.com/newsletters/nt/2004/0920nt2.html), but we also ranged far and wide about the company itself.

Both Wilson and Peterson came out of the Santa Cruz Operation, the pioneering Unix-on-Intel vendor. Both were familiar with Kerberos from those days and were delighted when Microsoft latched onto this traditional Unix authorization service to use with Active Directory. They quickly saw that Kerberos was the key to tying together diverse Windows, Unix and Linux servers, hosts and networks. Well, one of the keys at least. The two ideas that drive the company can be summed up as:

1) The networking world is diverse and will stay that way.

2) Standards will continue to emerge to overcome the problems of diversity.

Kerberos is just one of the standards that Vintela is leveraging to solve diversity problems. The company, though, finds itself as a center of attention as regulations grow and compliance with the regulations drives technology decisions.

Proliferating government regulations all appear to have one technology in common – identity management. For example:

* The Gramm-Leach-Bliley Act.

* Health Insurance Portability and Accountability Act.

* Sarbanes-Oxley Act.

* Statement on Auditing Standards No. 70.

* The Food and Drug Administration’s 21 CFR Part 11.

* European Data Protective Directive.

Each of these could have been subtitled “The Identity Management Full-Employment Act” since all involve validation, authentication, authorization and auditing to a greater or lesser (usually greater) degree. The regulations themselves are operating system agnostic. If you have a diverse, heterogeneous computer operation then you need to come up with compliance solutions that cover all of that diversity.

You could, of course, come up with Sarbanes-Oxley Act-compliant services for your Windows (with Active Directory), Linux (with eDirectory) and Solaris (with iPlanet, or whatever it’s called this week) then staple together the various reports and hope the regulators will understand. Take my word for it, they won’t. They want to see standardized reporting that covers all of your operations, all of your platforms and they want it all in one auditable report.

Looks like Vintela will be around, and successful, for a long time to come.