Enterprise IT Identity & Access Management

A Buyer's & Integrator's Guide - WebLog Version 1.0

June, 2006

  • IAM in TwC

    I attended 2006 Microsoft EE & TwC Forum recently and tried to find out if there is any relationship between IAM and TwC. It is interesting that TwC (Trustworthy Computing) has Identity and Access Control as a grand child. At top level, TwC has...
  • IAM Strategy

    IAM is a combination of processes, technologies, and policies enabled by software to manage digital identities in their lifecycle and specify how they are used to access resources. IAM is a superset of AAA (Authentication, Authorization, Auditing)*. Here...
  • How to Reduce TCO of Identity & Access Management

    Identity & Access Management is an expensive investment in IT. Here are some tips to reduce Total Cost of Ownership: Follow the rule of economy of scale - If more people use the same solution, the unit cost of the solution will decrease. Therefore...
  • Authentication Strategy

    Authentication is the procedure through which a user or a device or a service (or application) provides sufficient credentials to satisfy access requirements to another service, application, or system. User Authentication Strategy: · Prepare and...
  • Authorization Strategy

    Authorization (or establishment or entitlement) defines a user's (or process') rights and permissions to a resource. After a user (or process) is authenticated, authorization determines what that user can do to the resource. Here are some authorization...
  • Auditing Strategy

    Auditing (also referred as Audit or Accounting or Accountability) ensures that the activities associated with user access are logged for monitoring, regulatory and investigative purposes. Auditing Strategies for IAM to be compliance: Identify...
  • How to Improve Security with Identity & Access Management

    Every time I told a friend I got an IT security job, I was always asked a similar question "Do you catch hackers or virus?". Of course, the popularity of the Internet definitely puts external threats and attacks on enterprise IT security's radar. However...
  • How to Increase Productivity with Identity & Access Management

    With right IAM solutions, your business can increase employee's productivity (or avoid the loss) significantly. Before you look into IAM solutions, you should identify major factors impacting employee's productivity in your business. Some common factors...
  • How to Help Regulatory Compliance with Identity & Access Management

    You can use IAM solutions to help demonstrating regulatory compliance such as SOX Section 404 and 302, HIPPA, GLB, Basel II Capital Accord, FDA 21-CFR-11, HSPD-12, EU Privacy Directive, PIPEDA, and LSF. SOX: There are many SOX compliance tools and...
  • Authentication Protocols and Standards

    Some of most popular authentication protocols and standards are: · KERBEROS v5: Kerberos is an open standard for distributed systems authentication ( RFC 1510 ). It relies on shared secret (or password) authentication by users to an authentication...
  • Microsoft Internal Solutions

    Micorsoft IT has implemented several internal IAM solutions and here is a list of links. Enabling Cross-Forest Identity Management with Microsoft Identity Integration Server 2003: http://www.microsoft.com/technet/itsolutions/msit/deploy/cfimwiis...
  • Review - BMC Identity Management for .NET

    BMC IdM for .NET offers a suite of solutions in .NET environment including workflow, directory management, audit, self service, password management, Web single sign-on, and federation. Pros: - Automated HR driven provisioning - Role based access...