February 9th, 2008 by Corbin H. Links
Hello Everyone:
Is it just me, or has anyone else been recently stuck trying to solve the latest “last mile problem?” Last mile you may ask? This time, I’m talking about the issue of connecting all of those “target systems” to this new generation of what I call “complianceware” tools. The idea of “complianceware” tools is that they help ensure that all of your target systems are compliant with regulations (GLB, SOX, et al.) and maintain dashboard and reporting features — among others. So the last mile is the connection distance or method between the data to be analyzed/audited/baselined/reported/role mapped, (target data) and the source of analysis (source system.)
Into this mix, I would also place role mapping tools, or “roleware” (which can be closely aligned with, or even a part of, “complianceware” packages.) A great many vendors are now out on the market talking about auditing, reporting, role mining, role mapping, role-based access control (RBAC.) I have had the opportunity to experience several demos of the latest technology in the space, in addition to implementing many traditional “big iron” IAM tools that to some extent include this functionality.
My findings? All in all, the newest generation of tools are great — even phenomenal — at doing what they do best. Analyzing data, log files, flat files, data streams (traffic passed over the wire or otherwise,) mapping, collating, reporting, dashboarding, dynamic role creation and mapping, and even provisioning and de-provisioning of access and accounts. This is all great, and in and of itself, this tool category can add enormous value to today’s enterprise.
But here is the challenge: how to get data from your “target” system (i.e. what you want to audit and report on,) to your action and analysis system? (Source / auditing system.) This is a common question we ask of vendors, but the honest ones are not able to give a strong answer.
Sure, the modern tools can slice and dice files in amazing ways. They can do incredible things with role engineering and compliance baselining. In other words, once these systems can get at the data, they can do amazing things. In many organizations, however, “getting at the data” can be difficult, if not downright politically impossible. Without valid connections, schema maps, access to CSV or XML-based files containing target data for analysis, live log files, access to bit streams from the network wire, or other methods, they cannot do anything. Zilch. Nada.
What do vendors offer? Yes, they have connectors, agents, adapters, filters, protocol analyzers, etc. But how do they solve the people, political, organizational challenges of people that just plain do not want to make that happen?
Here are five key suggestions that almost all organizations can use to close up that “last mile” between the complianceware system and the target systems.
- Get resource owner buy-in before investing in complianceware/roleware. This is key. Don’t just buy something and expect that you can seamlessly hook everything together. I don’t care how easy or transparent the product vendor tries to make it. The vendor cannot make your clients/subject matter experts provide what they do not want to provide. Even if the technology is there, the political will may not be there. If buy-in is not there, then your organization should be taking serious stock of its situation. What is the cost of forcing subject matter experts to comply? Is it worth losing them if need be? This exercise will also help gauge your effectiveness at communicating the program vision and goals, while setting realistic expectations.
- Task each application owner with providing at least two points of entry for their applications. These may include (but are not limited to):
  - Agents or adapters from the complianceware system to the target system
  - Non-connected methods such as CSV files, space-separated files, tab-delimited files, structured XML, or any other type of output format that is mutually supported by the target system and the complianceware system
  - Indirect query methods, such as SQL queries made directly against the application database
- Give application owners choices as to how they want to provide data. These choices will be driven by the capabilities of your source and target systems.
- Try this exercise:
  - Send a survey to your top departmental managers. Ask them, “If you could have any report that told you what your people were doing, where, with what, and when, what would that report look like?” The answer(s) to this question will help determine your product evaluation criteria.
  - Ask your auditors the same question. Ask them, “If you could walk in here tomorrow and receive one report in your hands containing everything you wanted to know, what would that report look like? What would it contain?”
- Choose a test or development copy of one of the three applications discussed above. Then try accessing user records by two or more of the agreed or supported methods. Be sure it is a development or test copy, so that there is no haggling over who owns what, or what level of “access” is appropriate. The point of this exercise is to just test data extraction and analysis. The results of this can be used as “sales and marketing” material for the more resistant stakeholders in your enterprise.
- Don’t underestimate the time/effort/complexity involved in connecting all of your identity stores, databases, legacy systems, and custom applications with your IAM framework or complianceware tools. It is helpful to add a “complexity multiplier” to each resource when estimating integration time. We often take a baseline of the ‘easiest’ or most broadly supported target system, then add multipliers as point values. For example, baseline Microsoft SQL 2005 database integration at 1.0, then add DB2 at 1.2 (may be more complex,) and Sybase at 1.5 (forms or adapters may be inadequate for your requirements,) etc. These are examples only and are not intended to be indicative of actual complexity, which will vary widely between organizations and chosen software tools.
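The extraction exercise above (pull the same user records from a test copy of an application by two of the agreed entry points, then compare what comes back), as an added example that is not code from the post: it assumes the two agreed methods are a CSV export and direct SQL access, uses an in-memory SQLite database as a stand-in for the application database, and works on constructed sample records.

```python
import csv
import io
import sqlite3

# Constructed sample data (not from the post): one application's user records as
# delivered by two of the post's "points of entry": a CSV export and a direct SQL
# query against the application database (an in-memory SQLite stands in for it).
CSV_EXPORT = """user_id,login,department,enabled
1001,jsmith,Finance,Y
1002,mjones,HR,Y
1003,rlee,Finance,N
"""
SQL_ROWS = [
    (1001, "jsmith", "Finance", 1),
    (1002, "mjones", "Payroll", 1),  # department differs from the CSV export
    (1004, "tnguyen", "IT", 1),      # in the database, missing from the export
]

def from_csv(text):
    """Normalize a CSV export into {login: record} using a common schema."""
    records = {}
    for row in csv.DictReader(io.StringIO(text)):
        records[row["login"]] = {"user_id": int(row["user_id"]),
                                 "department": row["department"],
                                 "enabled": row["enabled"].upper() == "Y"}
    return records

def from_sql(conn):
    """Normalize rows from a direct SQL query into the same common schema."""
    cur = conn.execute("SELECT user_id, login, department, enabled FROM app_users")
    return {login: {"user_id": uid, "department": dept, "enabled": bool(en)}
            for uid, login, dept, en in cur}

def build_sql_source(rows=SQL_ROWS):
    conn = sqlite3.connect(":memory:")  # stand-in for the target's database
    conn.execute("CREATE TABLE app_users (user_id INTEGER, login TEXT, "
                 "department TEXT, enabled INTEGER)")
    conn.executemany("INSERT INTO app_users VALUES (?, ?, ?, ?)", rows)
    return conn

def reconcile(a, b):
    """Return (logins only in a, logins only in b, logins in both whose normalized
    attributes differ). Each is a finding to take back to the application owner."""
    only_a = sorted(set(a) - set(b))
    only_b = sorted(set(b) - set(a))
    mismatched = sorted(k for k in set(a) & set(b) if a[k] != b[k])
    return only_a, only_b, mismatched

def run_exercise():
    return reconcile(from_csv(CSV_EXPORT), from_sql(build_sql_source()))
```

A non-empty result from either method is the point of the exercise: it shows which feed is stale or incomplete before anyone argues about ownership of the production data.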
For additional information on the topics above, please consult with your copy of Identity And Access Management (IAM) Success Tips: Volume 1. Don’t yet have a copy? Ordering is easy. Just click here or click the “Buy Now” button over to the left of this article.
Thoughts? What have you experienced? Other creative suggestions for closing up the “last mile?”
All the best, of Identity Management Success.
Corbin H. Links, President
Links Business Group LLC
©2003-2008 Links Business Group LLC. All rights reserved.