Identity and Access Management community: Discover and share best practices to control IAM for your real world.


  • Exploring a Fully Automated IAM Environment

    View the On-demand Webcast with security expert Randy Franklin Smith on: Exploring a Fully Automated IAM Environment

    You can discover strategies and tools to make it easy for you to:

    • Fully automate common Identity and Access Management tasks
    • Easily prepare for audits and meet compliance needs
    • Significantly reduce IT workload
    • Use today’s Identity and Access Management solutions as a springboard for true governance


  • Dell One Identity Manager wins Gold in the Best of Biz International Awards!

    We just found out that Dell One Identity Manager has won GOLD in the “Enterprise Product of the Year – Software” category for the Best of Biz International Awards! 

    The Best in Biz Awards program is judged by members of the press and industry analysts from around the world.

    You can see the full list here - http://intl.bestinbizawards.com/intl-2014-winners-product/

    To learn more about Dell One Identity Manager, click here.

  • Upcoming Webcast: Exploring a Fully Automated IAM Environment

    Webcast: Exploring a Fully Automated IAM Environment

    Date: Tuesday, July 22nd

    Time: 11:00 a.m. ET

    Have you ever wondered what it would be like to have a fully automated IAM environment? Envision streamlining every step of an employee’s access, from initial request through termination, and everything in between. Imagine the time savings.

    Now you can see all that and more in action. Join Randy Franklin Smith, CEO, Monterey Technology Group, and George Cerbone, Principal Solutions Architect, Dell Software, as they take you through every step using today’s IAM solutions.

    Attend this webcast to discover how to:

    • Fully automate common IAM tasks
    • Easily prepare for audits and meet compliance needs
    • Significantly reduce IT workload
    • Use today’s IAM solutions as a springboard for true governance

    All of that and more is possible with today’s IAM technology and in this webinar we are going to demonstrate what such an environment looks like.

    First we’ll step through the life-cycle of an employee and watch as a new hire in Orange HR triggers the creation of accounts in AD and the automatic provisioning of a physical access badge and standard entitlements for the department where the new employee starts off.

    Then we’ll watch what happens as that employee requests additional access, separation of duty violations are detected, her job changes and finally she exits the company. I think you’ll be amazed at how easy this is for end-users and line of business managers and how absent IT is in this entire cycle – which is a good thing.


     

     

  • KuppingerCole Vendor Report: Dell Identity and Access Management 2014

    Dell One Identity Manager is one of the leaders in the various identity categories within IAM/IAG. The products are well-designed, well-integrated and complete. While the bulk of the development of the products occurred before Dell acquired them, there’s been no deterioration in quality and some improvement in interoperability in the short time since Dell acquired Quest.

    Customers who are looking for the first Identity Management suite or those unhappy with their current choice, should include Dell One Identity Manager in the vendor mix they’re evaluating. So too, for the rest of the Dell IAM/IAG product line – all solid performers.

    With the caveat that Dell has but a short track record in IAM/IAG we can nevertheless strongly recommend the line.

    Read the full report

  • Extending SharePoint Access to External Users

    A few weeks ago Dell Software hosted a webinar titled Extending SharePoint Access to External Users, the recording can be found here. There were lots of attendees and lots of questions were asked during the webinar. What I intend to do in the next few paragraphs is to summarize the webinar content and hopefully get you to think about your environment, what you can do, and how Dell Software can help.

    First we discussed three market trends that make it inevitable to extend SharePoint to external users:

    • SharePoint evolution
      • Here we talked about three key trends. First, the SharePoint User Interface and how it evolved over the years from being a document management system to becoming much more, with search, business intelligence, enterprise collaboration through blogs and wikis, and a hub for projects. Second, we discussed SharePoint’s integration features with Microsoft Office applications, SaaS providers, BDC service applications, external lists, and SQL Server Reporting Services. And third, we went over how SharePoint evolved to offer true enterprise social capabilities, from the inception of My Site with SharePoint 2010 to features such as “Like” and “Follow” in SharePoint 2013.
      • The point that was made here was that what SharePoint offers today can’t be confined within company networks; such features need to be extended to external users.
    • Application overdose
      • Here we showed a glimpse of some of the applications we use at Dell Software and mentioned that you too probably have the same or even a longer list of applications you log into on a daily basis or that are part of what enables you to be productive at what you do. Some of the applications we log into on a daily basis include SharePoint, Google Docs, Salesforce, Taleo, Oracle, Jive, Concur, SAP, OneDrive, YouTube, Box, LinkedIn, Lync, Facebook, Fidelity, ADP, just to name a few.
      • The point that was made here is that with all these applications that we have to access, SharePoint is just a drop in the ocean, and being able to extend its content or access to other applications and users so they can be more productive is definitely a trend and a requirement we can’t ignore.
    • Evolving organizational structures
      • Here we briefly described how organizations form, work together, and change over time with acquisitions and mergers.
      • The point that was made here is that in order for those entities to be able to provide the services or solutions they provide, they need to be able to seamlessly collaborate through SharePoint.

    Then we listed a few market challenges that may delay or stop organizations from extending SharePoint access to external users

    • The increasing SharePoint adoption as mentioned above
    • The increasing number of applications we access on daily basis as mentioned above
    • The increasing number of devices we use to collaborate and work
    • The various authentication methods we use to access our applications. Some may use a generic form filled username and passwords while others may use more advanced federated approaches or windows authentication.
    • The ongoing demand for governance and monitoring of external users’ access and changes to the SharePoint environment

    And finally we introduced the features that ought to be in a complete solution that would allow us to extend SharePoint to external users. On this subject we mentioned the solution needs to provide:

    • Single sign-on capabilities that would allow external users to initiate an authentication event either into SharePoint or into any of the other applications without the need to re-enter credentials as they hop across applications.
      • The solution presented here is Dell One Identity Cloud Access Manager and its ability to act as a centralized hub that provides web single sign-on and connects all types of users with the applications or sections of the applications they need access to.
    • Security measures that provide consistent rule and role based access to SharePoint and other applications regardless of the applications’ authentication methods, so external users only see what they are given access to and can take actions against that same content.
      • The solution presented here was also Dell One Identity Cloud Access Manager with its flexible yet role based support for the entire population of application authentication methods.
    • Access and activity reporting, management, and governance that would allow organizations to track who from the external users’ list is logging into their environment and what content they are touching.
      • The solution presented here was Dell Site Administrator for SharePoint and its ability to report on and enable management of SharePoint activity, permissions, and content growth.
    • Audit enforcement and compliance policies to ensure proactive notifications of what external users are accessing.
      • The solution presented here was Dell Change Auditor for SharePoint as it provides proactive alerting on delta changes on either content or permission structures.
    • An easy to use interface
      • We hope that all of the above mentioned solutions have been engineered with end users in mind to provide an easy to use, intuitive interface.

    Extending SharePoint to external users is inevitable in today’s market. Today SharePoint offers a wide range of capabilities, organizations are collaborating in smarter ways than ever before, and the list of application pools we access is getting larger. Sure, there are challenges that may stop or delay us from opening up SharePoint content and access to external users, such as security and compliance concerns, but there are solutions that can help us along the way, and Dell Software provides end-to-end solutions around all of these challenges.

    Look back at your environment and start thinking about the frequency with which you get asked to extend SharePoint to external users. Are those requests increasing or decreasing? What is stopping you from extending SharePoint to external users? Do you have security concerns, or compliance concerns? Do you have any published guidelines for how to extend SharePoint access? Do you monitor or audit such access? Do you have other social means of collaboration? Do you use other collaboration software such as Google Docs, DropBox, Box.net, or Yammer?

    And as you try to find answers to the above common concerns and as you try to lay a foundation for a solution, please reach out to us here at Dell Software, as we've worked together with many organizations in the past that’ve had similar challenges.

  • Dell One Identity - IAM, security and compliance simplified

    Watch our latest video on how Dell One Identity solutions can simplify and secure Identity and Access management 

  • Webcast July 1: Stop Letting Security Threats Stop You from Advancing Your Business

    We all have to protect our environments and ensure internal and external compliance requirements are met. But, how well-equipped are you to transform your security role to one of not just protection and assurance, but of business enablement?

    Join us:  Tuesday, July 1 at  2:00 PM ET/11 AM PT

    Attend this webinar to learn how to:

    • Eliminate silos of security information in your organization
    • Connect security across your data, infrastructure and applications
    • Protect your data and systems by enabling users to get the right access at the right time

     Register for this webinar to learn more about connected security, including network security, identity and access management and data encryption, while also gaining ways to look past the scare tactics, fear, uncertainty and doubt, and focus on the business first.


     

     

     

  • Learn more about the @dellsecurity showing at Gartner Security and Risk Management Summit next week

    By now you should know that Dell Software will be attending Gartner Security & Risk Management Summit. If you’ve missed some of the details or you’d like to read the official all up Dell communication about our involvement in the event, please take a look at the Direct2Dell post, Better Security is Better Business: Dell at Gartner Security & Risk Management Summit by Scott Lang, Director, Solution Marketing at Dell.

    The Identity and Access Management team is looking forward to seeing you at the event!

  • Look for us at the Gartner Risk and Security Summit

    One of the primary ways we (the Dell One Identity team) keep in touch with you, our customers, friends, and hopefully future customers is by investing in a presence at the events that we think you’ll be attending. You’ll always find us at the RSA Conference, and Gartner’s three IAM-focused events – the Risk and Security Summit, Catalyst, and the IAM Summit. The Risk and Security Summit is only two weeks away, and we’ll be there in force.

    If you’re coming to the show at the Gaylord National Resort and Convention Center in National Harbor, MD, June 23-26 (and we encourage you to plan on it next year if you can’t make it this year) you’ll find us all over the place.

    First off, we’re front-and-center on the show floor in booth #601 with our colleagues from SonicWALL and right next to our Dell brethren, SecureWorks. But wait, there’s more! Here’s a rundown of some of the other places you can meet our team, hear our story, and share your experiences with Dell One Identity solutions:

    • We’ll present a panel discussion called “Security is a Many Splendored Thing” featuring successful IAM organizations including Trilium Health Partners, Asurion Corp, and Dell (yep, we’re talking about ourselves too). You can join us Monday, June 24th from 3:45-4:30 PM in Potomac D to hear the real-world experiences of these IAM project leads.
    • On Wednesday, June 25th, our own Scott Lang will present on the show floor on the topic “5 Questions to Ask Yourself About Protecting Your Data.”
    • And the best part of all, our much-anticipated hospitality suite. The theme this year is “Dell Security Mixology Lounge” (that means lots to drink). It’s Tuesday evening, June 24th from 5:45-8:45 in National Harbor 3. Join us for a good time, some *** beverages, and discussions on IAM with our experts (if you’re so inclined).

    So if you’re coming to the conference stop by and say “hi”, we’ll have all of our really smart people there ready to help you achieve identity and access management for the real world.

    You can learn more about Dell Software’s IAM solutions for the real world here.

     

  • The User Who Didn’t Know He Was A Super(user)

    Part 1:  Discovering Your Superman

     

    What is a privileged user?  It should be a simple question to answer — the two words give you a big hint as to where the definition should end up. It’s a user, and, quite obviously, this user has one or several privileges enabling them to do “important stuff.”

    So, I’m asking you: are YOU a privileged user? 

    Well, let’s try to figure out the answer together, and see if the answer matches your first thought.

    Let’s start with a simple definition of a privileged account. You probably noticed it immediately: I switched the words from “user” to “account.” I define the “user” as the physical identity; in other words, that is you. The “account” is the combination of a username/account and, possibly, other information that actually provides you the capability to get into “stuff” such as applications, your corporate network, servers, network devices, etc. However, privileged accounts needn’t be linked to any “physical identity.” An example of this is an application account used to run tasks on a scheduled basis.

    Therefore, a privileged account is one of these username/password/permissions “identities” with a level of access that puts the user in a position to be a threat to the organization, which ironically is what organizations try to mitigate by creating these accounts.

    In each company, users have privileged and non-privileged accounts. Non-privileged accounts are the “basic” accounts we all have that allow us to check email, surf the web, etc. Privileged accounts give us power over servers, devices, etc. I like to refer to the privileged accounts a user will receive as “Privilege Account by Heritage.” This refers to privileged accounts a user will receive because of their job function, title, department, rank, etc. Some refer to these as Shared-Account Privileged Identities; however, I like to break them up and put them into two different groups:

    Shared Privileged Account (SPA)

    • Cannot be removed due to their nature (built-in accounts such as root, administrator, system, etc.)
    • Cannot have their permissions lowered due to their nature (i.e., in Active Directory, the built-in account administrator could be disabled but, in the end, at least one account in relevant domain groups such as the Schema Admin is needed)
    • Have the ability to edit, remove or delete logs everywhere due to their status/model (administrator in AD, root on UNIX, etc.)

    Named Privileged Account (NPA)

    • Can be removed, but the operation would have a dramatic impact on customers (i.e., all the so-called “service accounts” that run services, applications, etc.)
    • Have specific permissions higher than the average admin account/users (i.e., domain admins)
    • Have the potential power to edit/delete/remove some logs from systems, but not everything from everywhere 

    Keep in mind that one of the most dangerous practices often linked directly to SPA types of accounts is the use of the same password by multiple users, who actually use the accounts to improperly manage the ecosystem.

    We’ll talk more about privileged accounts in the next edition of this blog.