Enabling Secure Access for Web, Enterprise, and Remote Users

(14/01/2009)

The requirement to provide Web and remote user access to an extremely diverse range of information systems is one of the main driving forces behind the need for the latest generation of IAM-based protection systems.

Two recent announcements in the still-consolidating Identity and Access Management (I&AM) market may cause concern for customers of two of the largest vendors. Firstly, IBM announced its acquisition of Encentuate, whose main offering is a Single Sign-On (SSO) solution. Secondly, HP is to discontinue sales of its I&AM offering, SelectAccess, to new customers.

Business must take complete responsibility for the full and proper protection of the information that it holds, but that information must remain openly available to users who have the correct access rights. Operational complexity precludes organisations of any size from knowing the vast majority of their information users. Therefore, access to business systems needs to be managed using rules and controls that can be fully aligned to the operational requirements of the organisation.

A new report looks in depth in the issues related to Identity and Access Management.

To keep up with today’s ever-evolving information-access landscape, Identity and Access Management (IAM) solutions must provide the unchallengeable ability to control, define, and prove the access credentials of all groups and individual systems users, irrespective of their source or location. Many of the latest technology advances and business usage demands are forcing change on the systems dynamics of identity management and its access control capabilities.

All of which, means that some of the long-standing, tried-and-trusted IAM solutions on the market today look as though they are struggling to remain fit for purpose. Some very large vendors are getting out of the IAM arena. Whilst others are responding by moving in the opposite direction and extending their solutions to meet the latest business demands which include: increased use of Web and secure remote access facilities; inter-company requirements for federated information sharing and user management; extended fraud protection; and ever-increasing regulatory demands.

We can well understand the logic of IBM acquiring Encentuate, given that the software currently sold as IBM Tivoli Access Manager for Enterprise Single Sign-on (ITAM for ESSO) consists of software from Passlogix, an OEM partner. In positioning Encentuate’s product as its I&AM portfolio’s enterprise SSO constituent (which provides SSO for applications and resources from in-house), IBM may be in a better position to improve integration with its Web SSO (providing access to Web-based resources) and Federated SSO (sharing access across organisational boundaries) offerings. Hence, IBM plans that Encentuate’s software will form the core of the next release of ITAM for ESSO, which is planned to be in this year’s third quarter.

IBM seemed most unwilling to explore in-depth with analysts the implications of this product change for existing customers of ITAM for ESSO, who it seems have the choice of becoming Passlogix customers (i.e. negotiating with the company that originally licensed IBM to re-use the product), or adopting the Encentuate-based new version.

While customers need have no concern in undertaking a relationship with Passlogix (which is well established, and has a similar deal with Oracle to that it had with IBM, as well as many other partnerships with leading players in this market), the need to have to do so may be forced upon some by IBM’s position, and this may not be the way that organisations wish to undertake their management of IT vendors.

The alternative of following IBM’s product upgrade path is likely to involve significant investment: there was no indication from IBM of any migration tool for policies, credentials, settings, schema extensions, or databases – the artefacts that constitute a customer’s system just as much as the base product itself.

HP, meanwhile, was careful to say that it will continue to support existing customers of SelectAccess, the software acquired in 2003 from Baltimore Technologies. However, those customers might be concerned in planning further developments around a product that will not benefit from any further developmental investment.

From HP’s perspective, however, this move is perfectly understandable, as the company had rather stood still after making its initial acquisition in the I&AM market, and meanwhile its competitors have expanded their capabilities to an extent that would require HP to invest considerably to upgrade SelectAccess commensurately, and with little prospect of making a differentiating mark in what is now a largely mature market.

It is interesting to see IBM continuing to invest in the higher-value areas of IT security products, and it seems to have recognised the strong technology base of Encentuate’s product in announcing plans to leverage the acquired company’s development team as the basis for an IBM Security Software Laboratory in Singapore. That is perhaps one source of future innovation, and it is expected in some respect to see IBM’s offerings in the security space broaden further, following on from this acquisition, and those in the recent past of Internet Security Systems (ISS) and Consul.

Despite this move by HP, we still would not be greatly surprised to see the company make a big acquisition in the security marketplace. It has very sizeable ambitions to grow HP Software, and also has the scope to complement any range of security offerings with expanded capabilities from HP Services, further broadening its relationships with customers. A number of potential acquisition targets might, similarly to HP, sell into both the consumer and enterprise markets, providing HP with cost-saving delivery synergies, and cross-selling opportunities.

Purchase this report: Identity and Access Management - Enabling Secure Access for Web, Enterprise, and Remote Users (Butler Group)

Related topics:  Authentication and identity management   Data management and data security   Internet and Web security   Mobile and Wireless Security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources