By Chip Brookshaw

2 October 2007 -- Information technology managers are being hit with a one-two punch as regulatory compliance and security requirements increase the need to manage users' identities across the enterprise and network usage expands and becomes more complex. For too many organisations, this has resulted in time-consuming manual management that introduces security risks, not to mention wastes resources and distracts staff.

Sun Java System Identity Manager streamlines these tedious user provisioning tasks by offering flexible management tools along with auditing capabilities that are unique in the market. The powerful auditing features bolster security, improve compliance and provide repeatable processes. It's a complete solution for the identity management lifecycle and another way Sun leads the industry in solving security-related problems.

Gartner positioned Sun in the Leaders' Quadrant for User Provisioning in their recent "Magic Quadrant for User Provisioning, 2H07" report. Gartner places companies in the Leaders' Quadrant based on a combination of two factors: completeness of vision and ability to execute.[1]

Sun Java System Identity Manager also received a "Hot Pick" award from Information Security magazine which reports the product "allows an enterprise to use a single console for a multitude of ID management tasks, including role delegation, password synchronisation, automated provisioning and compliance auditing".

What is User Provisioning?

Effective security requires excellence in four areas: authentication, authorisation, administration and auditing. User provisioning refers to the administration and auditing phases—that is, the ongoing management of user identity.

Unfortunately, the "ongoing" nature of identity management can require time-consuming, resource-draining manual processes. Consider the work that is generated every time there is a new employee or someone leaves your organisation--so-called onboarding and offboarding, or provisioning and deprovisioning.

Onboarding requires providing all new hires with access to relevant systems: building access, workgroup servers, retirement plans and so on. Without a strong user provisioning system, this process can become extremely drawn out--taking up to 10 days, according to John Barco, Sun director of product management, Identity Management.

Managing the departure of an employee can be equally time-consuming, and the repercussions of slow or inadequate offboarding can be extremely serious. If network access is not terminated in a timely manner, security is compromised, which can then trigger non-compliance violations under Sarbanes-Oxley and other regulations.

Powerful Administration

Sun Java System Identity Manager streamlines and automates onboarding, offboarding and ongoing tasks with a set of powerful administration capabilities. "Identity Manager can accomplish in hours or even minutes what might take a week or more to finish manually", says Barco.

Sun Java System Identity Manager's administration features include:

• Policy-based provisioning and workflow: Automates the entire lifecycle of identity management
  
• Automated certification review: Schedules reviews of access privileges and policy violations, and initiates automatic remediation
  
• Strong security services: Detects audit log tampering and enables digital certificate-based approvals
  
• Extranet and federated identity administration: Provides highly scalable architecture, with tested support in environments of more than 10 million users
  
• Business process editor: Includes powerful integrated development environment (IDE) with library of process templates

Robust Auditing

Sun Java System Identity Manager auditing is the "ounce of prevention" that helps prevent costly security breaches and regulatory violations. These capabilities are comprehensive and proactive. You can audit an entire enterprise far more quickly, easily and effectively than with any manual method.

Sun Java System Identity Manager offers an Audit Policy Engine that enables IT controls to be easily translated into digital policies, permitting tighter enforcement during provisioning and auditing. Identity Audit Scanning automatically checks for identity-related policy violations in target applications. When policy violations are uncovered, Sun Java System Identity Manager can remedy them automatically.

This level of fine-grained, automated auditing is particularly useful during attestation periods, the quarterly windows during which many companies, to meet regulatory requirements, must roll up and report the status of network assets. "Without Identity Manager's auditing capabilities, attestation can be oppressingly labour-intensive", says Barco.

Other key auditing features in Sun Java System Identity Manager include compliance reporting and a compliance dashboard. For reporting, Sun Java System Identity Manager offers preconfigured and custom reports of identity and audit data. The dashboard displays a summary of compliance metrics including violations, exceptions and anomalies. It is a quick way to check your organisation's overall state of compliance.

Ahead of the Pack

In a market that has only recently grasped the importance of identity management and compliance, Sun Java System Identity Manager is a stable, mature solution that will help reduce the cost of managing identities both inside and outside your business.

Even better, Sun Java System Identity Manager is absolutely free. Download it today and see what it can do for you.