Identity and Access Management - Blog

Identity and Access Management community: Discover and share best practices to control IAM for your real world.


  • Identity Manager named a Leader in all 4 access governance categories for KuppingerCole

    Access Governance remains one of the fastest growing market segments in the broader IAM/IAG (Identity and Access Management/Governance) market. Over the past few years, this segment has evolved significantly. Access Intelligence, providing advanced analytical capabilities for identifying access risks and analyzing the current status of entitlements, is one of these additions. Improved capabilities in managing access risks are another. Some vendors have also added user activity monitoring to their products.

    We were actually named Leader in all 4 categories by KuppingerCole in the 2014 Access Governance Leadership Compass report:

    • Overall Leader
    • Product Leader
    • Market Leader
    • Innovation Leader

    This Leadership Compass provides an overview and analysis of the Access Governance market segment, and the solutions available.

    Read Analyst Report

  • New Authentication Services security modules for Red Hat Enterprise Linux with SELinux fully enforced

    Security has become an increasingly important consideration for organizations. Authentication Services has always held security as one of its most important and core functions. In keeping with this concept, we have been working on modules to ensure that Authentication Services will work on a Red Hat Enterprise Linux operating system with SELinux fully enforced. We have been testing and modifying these modules for some time now to make sure they will work with as many configurations as possible; however, internal testing can only go so far.

    Our goal is to ensure we have something that will be functional for as many environments as possible without additional configuration while remaining secure. As such, we would like to solicit feedback from the Authentication Services community. A project has been started that includes access to the modules and instructions on how to implement them. The Authentication Services forums are available to provide feedback on anything you might discover or would like to comment on.

    As Helen Keller once said, "Alone we can do so little; together we can do so much." We invite you to work together with us to make this functionality as robust as possible. So join the conversation today.

    For access to the project, please visit our GitHub page.

    To discuss the project or to ask any questions, please visit the All Things Unix Forum.

    ** Please Note: These modules are considered test modules and therefore are not yet fully supported. They are intended for test environments only. For assistance, we ask that you post your questions or concerns to the forum, where the product team will review and assist. **

  • People aren't the only risk in your organization. Learn ten ways to secure and manage the risks of service accounts.

    Webcast: 10 Ways to Secure and Manage the Risk of Service Accounts and Other Non-Human Accounts

    Date: 12/18/2014 at 11:00 AM ET

    Accounts for services and scheduled tasks don’t involve direct human interaction every time, so they’re non-human. They may not pose the same danger as an out-of-control cyborg, but these accounts may pose a greater risk to security than you might think. Attend this webcast with Randy Franklin Smith, where he will show you how these types of accounts create all kinds of risks and management burdens, and what to do about them, including:

    • How exactly non-human accounts pose a serious threat
    • Proven controls and best practices for securing these accounts
    • The simple logon strategy that can strengthen security
    • How to automate processes that mitigate these risks

    Register today!

  • Some key takeaways from Gartner IAM summit

    I just returned from the Gartner IAM Summit in Las Vegas with about a thousand of my IAM cohorts. It was great to spend the week learning more about IAM, talking with old colleagues and gaining new ones. One of the main topics was how to build a successful enterprise IAM project and knowing what pitfalls to try to avoid. What I took away from it was that IAM is not a project but an ongoing process, and in order to ensure success you need to:

    1. Know your stakeholders and get them involved early and often. Having a successful IAM program relies heavily on the systems, data and people within your organization. If you don’t get them involved early and often in the process, it is likely to cause major challenges and delays with your timeline.

    2. Create an ongoing plan that has clearly defined milestones and continually re-evaluate it to ensure that you are delivering value to the business. As mentioned before, IAM is an ongoing process, and if you treat it like a project and try to do everything at once it will likely fail. Considering it a project also causes issues when it comes to budget. If it is considered a project, people may believe that you only need a lump sum of money and that when the project is concluded no further budget will be needed.

    Now I am not promising that if you do these two things your IAM journey will be an instant success, but I will promise you that if you don’t, it will probably fall short of accomplishing your goals. One thing that may be helpful in getting your stakeholders on board is to educate them on why IAM is important to the business; we have created a short paper that just might help you with that process, so take a look when you get the chance.

    Not everything was about business, though; we were able to relax and have a bit of fun in our Star Wars hospitality suite on Wednesday! Thanks to those that joined us, and if you didn't get the chance, make sure it is on your list to attend next year.

  • Applications, the Cloud, and Identity - Is IAMaaS right for you?

    Date: Thursday, Dec. 11, 2014 at 11:00 AM PT / 2:00 PM ET

    On-premises applications have taken a back seat to their more available, less expensive and equally useful cloud equivalents. But organizations focused on ensuring application security lack the ability to properly control identity and access with cloud applications. New advances in Identity & Access Management (IAM) can provide the control and governance you need, available as a service. But is it right for your organization?

    In this lively webinar, industry veteran Nick Cavalancia and David Miles, Sr. Product Manager, from Dell Software will discuss:

    • IAM… as a Service??? How does that work?
    • The pros and cons of implementing IAM on-premises and as a hosted service.
    • How to tell if IAMaaS is a fit for your organization.

    Dell One Identity as a Service will also be discussed as a viable option for those considering a SaaS solution for their identity and access management needs.

    Register today!

  • Cloud Access Manager and Dell vWorkspace Integration

    Was recently poking around a "What's New" post in the Community site for Dell vWorkspace, our desktop and application virtualization solution, when I came across a small reference (that involves Dell One Identity Cloud Access Manager) that I wanted to highlight here...

    vWorkspace 8.0.1521 MR1 Optional Hotfix 362760 for Web Access Roles for solution SOL127785

    This is an optional hotfix to address the following issue - Web Access Roles. Please refer to the Support Portal knowledgebase article 127785.

    Created: July 9, 2014

    If you click through to the KB article, you find that this update includes Cloud Access Manager integration with the vWorkspace Web Access. Through this integration, Cloud Access Manager can present an integrated set of links on its Application Portal for:

    • web-based applications protected by Cloud Access Manager, accessed through the reverse proxy or via identity federation
    • virtualized desktops and applications, accessed through vWorkspace sessions

    What you end up with, for the end user, is an "aggregated workspace" of target links for end users, tailored only to show the applications they are entitled to per security settings in vWorkspace and Cloud Access Manager...

    As for single sign-on, the links on the Cloud Access Manager portal are related to files downloaded from the vWorkspace Web Access server, which embed credentials for accessing the vWorkspace apps. So once users log in to Cloud Access Manager, they don't see extra login events for vWorkspace applications. Cloud Access Manager does authenticate the user to the vWorkspace Web Access server, and that is either handled by a one-time password capture event, or optionally by reusing a user's corporate credentials. Basically, Cloud Access Manager treats vWorkspace Web Access as a special-case protected application.

    Setup is straightforward, as seen here:

    This is a good example of how we're always looking for ways to expand the value Cloud Access Manager provides customers by addressing new classes of applications. We'll be adding more functionality like this in the future - so stay tuned!

    Dave

  • The Cloud and the new role of IT departments

    “The Cloud” is changing business in many ways. This discussion is mostly targeting B2B and B2C applications and how cloud and SaaS offerings are affecting access control and security.

    Cloud and SaaS offerings affect businesses by reducing the time it takes to implement and begin using business-relevant applications compared to the traditional way of getting an application up and running. In the past, business departments needed to talk to IT, going through all the processes from budget funding to software selection to purchasing and finally the implementation process with IT. Today, you can simply subscribe to a software-as-a-service offering that fits your needs and start working. This is the “new business agility” that results from a SaaS offering.

    The role of IT departments is changing and adapting. Even if the business departments can easily use line-of-business applications in the cloud, companies are still accountable for controlling the access, the use and the security of the data of those applications.

    For the IT department, this means that they are not necessarily the department implementing, operating and providing the application support itself, but the one providing the tools and processes to govern and control the overall system security. IT departments need to become a real partner of the business and an enabler of the new agility. IT departments have an opportunity to become the internal facilitator or a kind of consultant for the integration of the business-relevant SaaS applications. The business and IT need to ensure that the applications are brought into the overall IAG and GRC program and its tools and solutions, so that processes like:

    • Who should have access or not?

    • How to grant or revoke access and permissions?

    • How to provision or de-provision access and permissions?

    • How to attest/recertify access and permissions?

    are not broken and the new applications fit into the overall scenario.

    Uncontrolled growth and use of cloud applications by the business could lead to uncontrolled systems and violation of internal and external regulatory controls. IT departments are the natural partner of the business for ensuring security and compliance, not just for on-premises applications but for SaaS applications as well.

    A company should develop a best practices IAG/GRC program as a prerequisite to have the appropriate IAG applications in place that can provide all features required for managing both on-premises and off-premises applications.

  • Winner in Identity & Access Mgt. by the readers of SearchSecurity.com and Information Security Magazine!

    We are honored to announce that Dell One Identity Manager has been chosen a Winner by the readers of SearchSecurity.com & Information Security Magazine.

    "Dell's offering also supports other best-in-class IAM products, providing the ability to transition an entire IAM strategy into one view. Dell has moved to expand its One Identity suite with Cloud Access Manager as well. The cloud-focused play provides a number of traditional IAM features including single sign-on capabilities for a variety of Web application access scenarios."

    Dell One Identity Manager provides you with the right access to business-critical information, which should be managed by the business and not by IT. That’s why Identity Manager empowers the business to govern needed access for agile and effective operations, while reducing the burden on IT. Identity Manager gives you the visibility and control you need to:

    • Understand what you have in your environment and who has access to it
    • Empower business managers to understand what employee entitlements actually mean and certify access accordingly
    • Establish a continuous process to ensure that every individual has the right access to do their job, nothing more

    The Identity Manager family of solutions includes three products, so you can choose the one that best meets your organization’s specific access management needs.

    Read More about the Award

    Learn More about Identity Manager

  • Is separation of duties (SoD) the key to protection from fraud and errors?

    It is 6:30 in the morning and I'm about to get ready to head to the airport and then home after a week-long business trip. On my way out the door I pick up my hotel bill; as I walk towards the elevator I look over the invoice and notice an additional restaurant charge from the night before. I go to the front desk and have the hotel staff check things over and quickly reverse the charges, as someone else had accidentally charged their dinner to my room.

    I know this has not been the first time it has happened to me or other colleagues. On my taxi ride to the airport, I keep wondering: how does this happen? Why can’t the server realize someone just charged two different bills to the same room? Or, why aren’t there any measures in place within the restaurant management system to quickly pick up these anomalies?

    To me, it should be a no-brainer, as the restaurant management systems should have some concept of Separation of Duties (SoD) to protect the restaurant and patrons from common errors like guests accidentally charging their bill to other rooms. Ok, maybe I’m over-thinking this. However, is it too much to ask the restaurant management systems to at least warn the server closing the bill that the same room number was used on another invoice less than an hour ago? A simple pop-up or warning message could have helped the server realize a potential error, or have the ability to correct it, before the invoice gets reconciled during the night and ends up on someone else’s hotel bill.

    Is separation of duties (SoD) the key to internal controls to increase protection from fraud and errors? Are today’s organizations taking more proactive measures to protect themselves against fraud or errors which can jeopardize their name brand or cost $$$$ in lost revenue, fines, etc.?

    The basis of segregation of duties (SoD) processing are rules that represent the technical implementation of prescribed guidelines. They are grouped according to different frameworks (e.g., “internal guidelines”, “SOX”, etc.) or according to content-related criteria, such as for individual application systems. They can either be preventive controls or detective controls. Either way, compliance with the rules established for employees and their access permissions in the enterprise needs to be monitored with a SoD check.

    Taking my hotel bill anomalies example and applying it to real-world scenarios, I see companies of all sizes starting to put more importance on not combining internal roles such as receiving and signing company checks. The separation of duties in this case fully restricts the amount of power an individual user has over their core responsibility and minimizes any potential risks.

  • Learn how the City of Houston secures application access for its 15K users

    Upcoming webcast

    Thursday, November 20th, 2014

    2 pm EST

    Clear proof that Dell Software Identity and Access Management solutions are MUCH more effective than your favorite pain reliever!

    Learn how the City of Houston relieved its application access and password-induced headaches when it implemented Dell One Identity Manager and Cloud Access Manager for its 15,000 online users. Houston CIO Charles Thompson and Dell Software’s Mark Costenbader join Todd Sander of the Center for Digital Government in a webinar detailing how the city improved its security profile and reduced costs by using Dell Software. 

    Register for “Security Headaches? Streamline and Secure”