Identity and Access Management community: Discover and share best practices to control IAM for your real world.
Summer is coming to a close. Children are going back to school, the leaves will be changing sooner rather than later, and college football is just around the corner. As another great summer comes to a close, I want to share what I learned during my summer vacation and how that can help you protect your iDRAC and other out-of-band management systems.
Every year we take our ATVs to a section of wilderness and explore the different trails in that region. This year we decided to explore the trails in Southern Utah. During one of our trips the coolant hose on my ATV came loose and started leaking without my knowledge. I went the whole day with antifreeze slowly leaking out of my machine. That night my father spotted the leak. We fixed the hose, topped off the coolant, and rode the rest of the week without incident. Lucky for me, I had someone to help spot the problem and resolve it before I ended up getting stuck in the mountains of Utah with a broken-down machine.
Just as my father helped identify the leak on my ATV, let me help you identify the security leak that can come from unmanaged Privileged Accounts on your iDRAC. Most modern-day servers from Dell contain an iDRAC card. Other server vendors ship similar remote management adapters. This feature lets you monitor servers for critical hardware problems, control power remotely, and access a virtual console so you can work on your servers without being near them.
Each iDRAC or remote management adapter comes from the factory pre-configured with a username and password. Most can be found by a basic web search and others can be found conveniently attached to the server. If attackers gain access to this management interface, your entire data center can be powered down in minutes, causing a massive Denial of Service Attack, or worse, the attacker can pull data off the system by enabling verbose logs and monitoring what your administrators are doing on the console. If you experience any of these attacks, you will wish that you were stuck in the middle of the wilderness rather than facing your management or the SOX, PCI, HIPAA, or NERC auditors that would be visiting your company.
With Dell One Privileged Password Manager you can fix the security leak from Privileged Accounts that your remote management adapters are experiencing. You can start rotating passwords so the root iDRAC user will never know who “calvin” is anymore. Administrator, admin, userid, and others from remote management adapters will be secured and you can rest knowing that your servers are protected from another potential security threat. Along with this protection you will have the ability to audit users that request the root account on iDRAC and you will be able to produce reports to show you are satisfying the requirements of any regulatory body.
So as another summer season winds down, let Dell Software help you by protecting your iDRAC and other Privileged Accounts from leaking out of your organization.
Unless you have been living in a cave or under a rock (and you haven’t because you are reading this), you’ve probably heard of the ALS Ice Bucket Challenge. This week, I’d like to compare and contrast IAM to the Ice Bucket Challenge (IBC) with the following five observations.
1) They are both TLAs. What’s a TLA you ask? It’s a three-letter acronym. Bazinga.
2) In one activity, you spend a great deal of time in preparation and planning. You work out the processes involved from the beginning to the end including training and proofs of concept. Following that is the actual event where all the stars line up and everything goes according to plan…only it doesn’t. And then the best thing you can hope for is an avalanche of frigidity from dozens of now “would be” friends. In the other, someone dumps ice water over your head.
3) In the IBC, the most difficult part of the process lasts for perhaps 10 – 15 seconds. During this time, you find it hard to breathe and your body seizes up making it hard to think or move. In the world of IAM, the most difficult part can last 10 – 15 months. Or in some cases, it never ends. During this time, you find it hard to breathe and your body seizes up making it hard to think or move.
4) Both can be overly elaborate, complex and difficult to execute if not done correctly. Take for instance Bill Gates’ IBC, comedy intended no doubt.
5) On the other hand, it need not be that way. Both can also be done simply, elegantly and with dramatic results. Take for instance our customer, Williams Energy, and their implementation of IAM using Dell’s solutions.
Seriously though. The Ice Bucket Challenge has been fantastic. It’s raised literally millions of dollars in incremental donations for the Amyotrophic lateral sclerosis (ALS) Association, a worthwhile cause to be sure. If you’ve not been challenged, consider yourself challenged. If you have done it (and donated) congratulations and thank you. And note that all members of the IAM product marketing team have already successfully completed the Ice Bucket Challenge.
Did you know that ten months ago, Dell Software released a new web authentication, single sign-on (SSO) and identity federation solution? It’s true! The product is called Dell One Identity Cloud Access Manager, and the current release is version 7.1.
Cloud Access Manager is a solution that enables end users to authenticate one time, then subsequently get secure, instant access to all of your organization’s web-based applications.
Cloud Access Manager is a versatile tool, providing SSO to modern and legacy web applications through an easy-to-use web interface. While the benefits to end users (SSO) and IT administrators (reduced helpdesk calls) might be obvious, security professionals also benefit from Cloud Access Manager’s extensive auditing and reporting capabilities, which record all end user and administrative actions.
Cloud Access Manager is advancing rapidly – recent releases include new features like:
In the coming months, I’ll be blogging about some of the ways Cloud Access Manager can help organizations like yours improve end user and IT efficiency while strengthening security. If there are any specific topics you’d like to hear about, post them here and I'll check periodically to see the feedback.
In the meantime, feel free to try it yourself! A 30-day unlimited-use trial version of Cloud Access Manager can be downloaded here. For a quick setup, I suggest trying the “Proof of Concept” install option, which puts all the components on a single Windows Server instance.
Thanks for reading!
Last week, some of the Identity and Access Management (IAM) team from Dell Software converged on the city of San Diego for Gartner’s annual Catalyst conference.
It was a long week filled with lots of good information, conversations and fun. Here are some of the highlights of the week.
If you didn't get a chance to attend the event, be sure to check us out at Dell World November 4th – 7th or the Gartner Identity and Access Management summit December 2nd – 4th.
Missed the Dell Security webcast series? Not to worry. We recorded the sessions for you. We all have to protect our environments and ensure internal and external compliance requirements are met. But, how well-equipped are you to transform your security role to one of not just protection and assurance, but of business enablement? Move the conversation in your organization away from fear, uncertainty, and doubt to one of business enablement.
Check out this informative series now! Learn more about Dell’s security solutions and how they can help your organization.
View the On-demand Webcast with security expert Randy Franklin Smith on: Exploring a Fully Automated IAM Environment
You can discover strategies and tools to make it easy for you to:
We just found out that Dell One Identity Manager has won GOLD in the “Enterprise Product of the Year – Software” category for the Best in Biz International Awards!
The Best in Biz Awards program is judged by members of the press and industry analysts from around the world.
You can see the full list here - http://intl.bestinbizawards.com/intl-2014-winners-product/
To learn more about Dell One Identity Manager, click here.
Webcast: Exploring a Fully Automated IAM Environment
Date: Tuesday, July 22nd
Time: 11:00 a.m. ET
Have you ever wondered what it would be like to have a fully automated IAM environment? Envision streamlining every step of an employee’s access, from initial request through termination, and everything in between. Imagine the time savings.
Now you can see all that and more in action. Join Randy Franklin Smith, CEO, Monterey Technology Group, and George Cerbone, Principal Solutions Architect, Dell Software, as they take you through every step using today’s IAM solutions.
Attend this webcast to discover how to:
All of that and more is possible with today’s IAM technology and in this webinar we are going to demonstrate what such an environment looks like.
First, we’ll step through the life-cycle of an employee and watch as a new hire in Orange HR triggers the creation of accounts in AD, automatic provisioning of a physical access badge, and standard entitlements for the department where the new employee starts off.
Then we’ll watch what happens as that employee requests additional access, separation of duty violations are detected, her job changes, and finally she exits the company. I think you’ll be amazed at how easy this is for end-users and line of business managers and how absent IT is in this entire cycle – which is a good thing.
Dell One Identity Manager is one of the leaders in the various identity categories within IAM/IAG. The products are well-designed, well-integrated and complete. While the bulk of the development of the products occurred before Dell acquired them, there’s been no deterioration in quality and some improvement in interoperability in the short time since Dell acquired Quest.
Customers who are looking for the first Identity Management suite, or those unhappy with their current choice, should include Dell One Identity Manager in the vendor mix they’re evaluating. So too, for the rest of the Dell IAM/IAG product line – all solid performers.
With the caveat that Dell has but a short track record in IAM/IAG, we can nevertheless strongly recommend the line.
Read the full report
A few weeks ago Dell Software hosted a webinar titled Extending SharePoint Access to External Users; the recording can be found here. There were lots of attendees and lots of questions were asked during the webinar. What I intend to do in the next few paragraphs is to summarize the webinar content and hopefully get you to think about your environment, what you can do, and how Dell Software can help.
First, we discussed three market trends that make it inevitable to extend SharePoint to external users.
Then we listed a few market challenges that may delay or stop organizations from extending SharePoint access to external users.
And finally we introduced the features that ought to be in a complete solution that would allow us to extend SharePoint to external users. And on this subject we mentioned the solution needs to provide:
Extending SharePoint to external users is inevitable in today’s market. Today SharePoint offers a wide range of capabilities, organizations are collaborating in smarter ways than ever before, and the list of application pools we access is getting larger. Sure, there are challenges that may stop or delay us from opening up SharePoint content and access to external users, such as security and compliance concerns, but there are solutions that can help us along the way, and Dell Software provides end-to-end solutions around all of these challenges.
Look back at your environment and start thinking about the frequency with which you get asked to extend SharePoint to external users. Are those requests increasing or decreasing? What is stopping you from extending SharePoint to external users? Do you have security concerns, or compliance concerns? Do you have any published guidelines for how to extend SharePoint access? Do you monitor or audit such access? Do you have other social means of collaboration? Do you use other collaboration software such as Google Docs, Dropbox, Box.net, or Yammer?
And as you try to find answers to the above common concerns and as you try to lay a foundation for a solution, please reach out to us here at Dell Software, as we've worked together with many organizations in the past that have had similar challenges.