Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
ID Management Gives Companies Control
Epok, IBM, and Mantissa unveil products to help businesses better manage access
May 13, 2005
3 Min Read
Business-technology managers face growing demands to strictly control who can access computer networks, systems, and applications, and to document how those controls work during security audits. They also need to provide more people, including outsiders such as partners, suppliers, and customers, with access to those systems. That's causing more companies to deploy identity-management software to better control and automate the management of access rights.
Those needs are fueling a boom in the worldwide sales of identity- and access-management systems, which are expected to grow from $528.4 million this year to more than $1 billion in 2009, according to market-research firm IDC. Epok, IBM, and Mantissa last week became the latest software vendors to show new or upgraded products for this market.
The advertising company Ogilvy & Mather Worldwide is an early customer for the new Federated Identity Manager from IBM Tivoli, which supports single sign-on and a variety of standards for federated ID management, which allows access to multiple networks and applications via a single sign-on. Ogilvy & Mather needed a product that could support whatever ID-management standard its clients use, says Andres Andreu, partner and IT director of Web engineering and applications. "Our clients make their choices based on their skill sets," he says. The IBM product eliminates the need to set up separate systems for each standard. "Now, I just establish a secure zone, and they do their own black magic with policies."
Covisint, a subsidiary of Compuware Corp. that provides IT services to the auto industry, also needed a federated ID-management system to simplify granting customers access to information. "Before, a user had to provide 10 different IDs to access multiple auto sites," says David Miller, Covisint's chief security officer. "That hurt privacy because so many IDs make it easy for somebody to steal one."
Covisint built its own system using XML and encryption but now uses RSA Security Inc.'s ClearTrust to secure its Web site, IBM's WebSphere to move content around, and RSA's ID-management system based on the Security Assertion Markup Language so customers and partners can traverse among DaimlerChrysler, Ford, General Motors, and other sites without multiple passwords. "What we had worked well, but now the SAML standard lets everyone communicate with me without deploying proprietary software," Miller says.
The Business Industry Political Action Committee, a 900-member group that promotes the election of pro-business candidates to Congress, uses the Java System Identity Management Suite from Sun Microsystems to manage access rights to its information and protect the privacy of members. The software makes it easy to control who can look up information and get E-mail messages about candidates and politicians, says Darrell Shull, VP for political operations. "Now we have information on the [members'] employees, but never their full name, Social Security number, or employee-ID number," he says. "I need just enough information, like a ZIP code, to authenticate them."
The growing need for sophisticated ID-management systems is spurring vendors to upgrade products. Epok last week unveiled the latest version of its Trusted Data Exchange, an identity-rights-management suite that adds support for BEA Systems' WebLogic, Microsoft's Visual Studio, Oasis' Extensible Resource Identifier, and Java 2 Enterprise Edition. Mantissa takes a different approach with iDovos, ID-management software that gives users control. Its Positive Identity Control technology lets users limit or prohibit use of an identity for selected financial transactions and new credit applications.
You May Also Like