Identity and Access Management community: Discover and share best practices to control IAM for your real world.


  • Lessons from a summer vacation and how it can protect your iDRAC and other Privileged Accounts

    Summer is coming to a close.  Children are going back to school, the leaves will be changing sooner than later, and college football is just around the corner.  As another great summer comes to a close, I want to share what I learned during my summer vacation and how that can help you protect your iDRAC and other out-of-band management systems.

    Every year we take our ATVs to a section of wilderness and explore the different trails in that region.  This year we decided to explore the trails in Southern Utah.  During one of our trips the coolant hose on my ATV came loose and started leaking without my knowledge.  I went the whole day with antifreeze slowly leaking out of my machine.  That night my father spotted the leak.  We fixed the hose, topped off the coolant, and rode the rest of the week without incident.  Lucky for me, I had someone to help spot the problem and resolve it before I ended up getting stuck in the mountains of Utah with a broken-down machine.

    Just as my father helped identify the leak on my ATV, let me help you identify the security leak that can come from unmanaged Privileged Accounts on your iDRAC.  Most modern-day servers from Dell include an iDRAC card.  Other server vendors ship similar remote management adapters.  This feature lets you monitor servers for critical hardware problems, control power remotely, and access a virtual console so you can work on your servers without being near them.

    Each iDRAC or remote management adapter comes from the factory pre-configured with a username and password.  Most can be found by a basic web search and others can be found conveniently attached to the server.  If attackers gain access to this management interface, your entire data center can be powered down in minutes, causing a massive Denial of Service Attack, or worse, the attacker can pull data off the system by enabling verbose logs and monitoring what your administrators are doing on the console.  If you experience any of these attacks you will wish that you were stuck in the middle of the wilderness rather than face your management or the SOX, PCI, HIPAA, or NERC auditors that would be visiting your company.

    With Dell One Privileged Password Manager you can fix the security leak from Privileged Accounts that your remote management adapters are experiencing.  You can start rotating passwords so the root iDRAC user will never know who “calvin” is anymore.  Administrator, admin, userid, and others from remote management adapters will be secured and you can rest knowing that your servers are protected from another potential security threat.  Along with this protection you will have the ability to audit users that request the root account on iDRAC and you will be able to produce reports to show you are satisfying the requirements of any regulatory body.

    So as another summer season winds down, let Dell Software help you by protecting your iDRAC and other Privileged Accounts from leaking out of your organization.

  • Compare and contrast: Identity and Access Manager (IAM) and the Ice Bucket Challenge (IBC)

    Unless you have been living in a cave or under a rock (and you haven’t because you are reading this), you’ve probably heard of the ALS Ice Bucket Challenge.  This week, I’d like to compare and contrast IAM to the Ice Bucket Challenge (IBC) with the following five observations. 

    1) They are both TLAs.  What’s a TLA you ask?  It’s a three-letter acronym.  Bazinga.

    2) In one activity, you spend a great deal of time in preparation and planning.  You work out the processes involved from the beginning to the end including training and proofs of concept.  Following that is the actual event where all the stars line up and everything goes according to plan…only it doesn’t.  And then the best thing you can hope for is an avalanche of frigidity from dozens of now “would be” friends.  In the other, someone dumps ice water over your head.

    3) In the IBC, the most difficult part of the process lasts for perhaps 10 – 15 seconds.  During this time, you find it hard to breathe and your body seizes up making it hard to think or move.  In the world of IAM, the most difficult part can last 10 – 15 months.  Or in some cases, it never ends.  During this time, you find it hard to breathe and your body seizes up making it hard to think or move.

    4) Both can be overly elaborate, complex and difficult to execute if not done correctly.  Take for instance Bill Gates’ IBC, comedy intended no doubt.

    5) On the other hand, it need not be that way.  Both can also be done simply, elegantly and with dramatic results.  Take for instance our customer, Williams Energy, and their implementation of IAM using Dell’s solutions.

    Seriously though.  The Ice Bucket Challenge has been fantastic.  It’s raised literally millions of dollars in incremental donations for the Amyotrophic lateral sclerosis (ALS) Association, a worthwhile cause to be sure.  If you’ve not been challenged, consider yourself challenged.  If you have done it (and donated) congratulations and thank you.  And note that all members of the IAM product marketing team have already successfully completed the Ice Bucket Challenge.

  • Have You Heard About Cloud Access Manager?

    Did you know that ten months ago, Dell Software released a new web authentication, single sign-on (SSO) and identity federation solution? It’s true! The product is called Dell One Identity Cloud Access Manager, and the current release is version 7.1.

    Cloud Access Manager is a solution that enables end users to authenticate one time, then subsequently get secure, instant access to all of your organization’s web based applications.

    • Authenticate once: Authenticate users against Active Directory and LDAP v3 directories, with methods including Integrated Windows Authentication, forms authentication, X.509 client certificates, plus RADIUS support for optional multifactor authentication.
    • Secure, instant access: Employ role policies to limit access only to appropriate applications, or sections/subsets of applications. A self-service Application Catalog offers a way for users to request access to new applications, as well as just-in-time cloud provisioning of popular SaaS applications including Google Apps, Office 365, Salesforce.com and ServiceNow. Both on-premise and cloud-based applications are accessible from anywhere with internet access – at the office, at the coffee shop, etc.
    • All your web applications: Connect authorized users to SaaS applications using identity federation technology, homegrown applications using secure HTTP headers, or legacy commercial applications using credential vaulting/injection technology. An Application Portal provides end users a launching pad for their available apps.

    Cloud Access Manager is a versatile tool, providing SSO to modern and legacy web applications through an easy-to-use web interface. While the benefits to end users (SSO) and IT administrators (reduced helpdesk calls) might be obvious, security professionals also benefit from Cloud Access Manager’s extensive auditing and reporting capabilities, which record all end user and administrative actions.

    Cloud Access Manager is advancing rapidly – recent releases include new features like:

    • Dell vWorkspace integration: Access web and virtualized rich client applications on a single console
    • Step-up authentication: Require multifactor authentication for certain applications, or roles in an application
    • New Application Templates: Streamlined SSO setup templates for Dropbox and the Citrix GoTo properties.

    In the coming months, I’ll be blogging about some of the ways Cloud Access Manager can help organizations like yours improve end user and IT efficiency while strengthening security. If there are any specific topics you’d like to hear about, post them here and I'll check periodically to see the feedback.

    In the meantime, feel free to try it yourself! A 30-day unlimited-use trial version of Cloud Access Manager can be downloaded here. For a quick setup, I suggest trying the “Proof of Concept” install option, which puts all the components on a single Windows Server instance.

    Thanks for reading!

    Dave

  • Bill Nye the science guy and a visit to the Star Wars Cantina all in one week!

    Last week, some of the Identity and Access Management (IAM) team from Dell Software converged on the city of San Diego for Gartner’s annual Catalyst conference.

    It was a long week filled with lots of good information, conversations and fun. Here are some of the highlights of the week.

    • We had lots of good discussions with current and potential future customers about their IAM challenges on the show floor.
    • Got to hear Bill Nye the science guy inspire us to realize that we can all change the world in a big way if we decide to work together.
    • Had our customer Consumers Energy speak to attendees about some of the critical lessons they learned during their Identity and Access Management project.
    • And last but not least, had some fun in the Star Wars Cantina at our hospitality suite.


    If you didn't get a chance to attend the event, be sure to check us out at Dell World November 4th – 7th or the Gartner Identity and Access Management summit December 2nd – 4th.

  • On-Demand Security webcast series: Transform the security of your organization from afraid to enabled

    Missed the Dell Security webcast series?  Not to worry.  We recorded the sessions for you.  We all have to protect our environments and ensure internal and external compliance requirements are met.  But, how well-equipped are you to transform your security role to one of not just protection and assurance, but of business enablement?   Move the conversation in your organization away from fear, uncertainty, and doubt to one of business enablement.   

    Check out this informative series now!  Learn more about Dell’s security solutions and how they can help your organization.

  • Exploring a Fully Automated IAM Environment

    View the On-demand Webcast with security expert Randy Franklin Smith on: Exploring a Fully Automated IAM Environment

    You can discover strategies and tools to make it easy for you to:

    • Fully automate common Identity and Access Management tasks
    • Easily prepare for audits and meet compliance needs
    • Significantly reduce IT workload
    • Use today’s Identity and Access Management solutions as a springboard for true governance

    View Webcast Now

  • Dell One Identity Manager wins Gold in the Best in Biz International Awards!

    We just found out that Dell One Identity Manager has won GOLD in the “Enterprise Product of the Year – Software” category for the Best in Biz International Awards!

    The Best in Biz Awards program is judged by members of the press and industry analysts from around the world.

    You can see the full list here - http://intl.bestinbizawards.com/intl-2014-winners-product/

    To learn more about Dell One Identity Manager, click here.

  • Upcoming Webcast: Exploring a Fully Automated IAM Environment

    Webcast: Exploring a Fully Automated IAM Environment

    Date: Tuesday, July 22nd

    Time: 11:00 a.m. ET

    Have you ever wondered what it would be like to have a fully automated IAM environment? Envision streamlining every step of an employee’s access, from initial request through termination, and everything in between. Imagine the time savings.

    Now you can see all that and more in action. Join Randy Franklin Smith, CEO, Monterey Technology Group, and George Cerbone, Principal Solutions Architect, Dell Software, as they take you through every step using today’s IAM solutions.

    Attend this webcast to discover how to:

    • Fully automate common IAM tasks
    • Easily prepare for audits and meet compliance needs
    • Significantly reduce IT workload
    • Use today’s IAM solutions as a springboard for true governance

    All of that and more is possible with today’s IAM technology, and in this webinar we are going to demonstrate what such an environment looks like.

    First we’ll step through the life-cycle of an employee and watch as a new hire in Orange HR triggers the creation of accounts in AD and the automatic provisioning of a physical access badge and standard entitlements for the department where the new employee starts off.

    Then we’ll watch what happens as that employee requests additional access, separation of duty violations are detected, she changes jobs, and finally she exits the company. I think you’ll be amazed at how easy this is for end-users and line of business managers and how absent IT is in this entire cycle – which is a good thing.

    Register Today

  • KuppingerCole Vendor Report: Dell Identity and Access Management 2014

    Dell One Identity Manager is one of the leaders in the various identity categories within IAM/IAG. The products are well-designed, well-integrated and complete. While the bulk of the development of the products occurred before Dell acquired them, there’s been no deterioration in quality and some improvement in interoperability in the short time since Dell acquired Quest.

    Customers who are looking for the first Identity Management suite or those unhappy with their current choice, should include Dell One Identity Manager in the vendor mix they’re evaluating. So too, for the rest of the Dell IAM/IAG product line – all solid performers.

    With the caveat that Dell has but a short track record in IAM/IAG we can nevertheless strongly recommend the line.

    Read the full report

  • Extending SharePoint Access to External Users

    A few weeks ago Dell Software hosted a webinar titled Extending SharePoint Access to External Users; the recording can be found here. There were lots of attendees and lots of questions were asked during the webinar. What I intend to do in the next few paragraphs is to summarize the webinar content and hopefully get you to think about your environment, what you can do, and how Dell Software can help.

    First we discussed three market trends that make it inevitable to extend SharePoint to external users:

    • SharePoint evolution
      • Here we talked about three key trends. First, the SharePoint User Interface and how it evolved over the years from being a document management system to becoming much more, with search, business intelligence, enterprise collaboration through blogs and wikis, and a hub for projects. Second, we discussed SharePoint’s integration features with Microsoft Office applications, SaaS providers, BDC service applications, external lists, and SQL Server Reporting Services. And third, we went over how SharePoint evolved to offer true enterprise social capabilities from the inception of My Site with SharePoint 2010 to features such as “Like” and “Follow” in SharePoint 2013.
      • The point that was made here was that what SharePoint offers today can’t be confined within company networks; such features need to be extended to external users.
    • Application overdose
      • Here we showed a glimpse of some of the applications we use at Dell Software and mentioned that you too probably have the same or even a longer list of applications you log into on a daily basis or that are part of what enables you to be productive at what you do. Some of the applications we log into on a daily basis include SharePoint, Google Docs, Salesforce, Taleo, Oracle, Jive, Concur, SAP, OneDrive, YouTube, Box, LinkedIn, Lync, Facebook, Fidelity, ADP, just to name a few.
      • The point that was made here is that with all these applications that we have to access, SharePoint is just a drop in the ocean, and being able to extend its content or access to other applications and users so they can be more productive is definitely a trend and a requirement we can’t ignore.
    • Organizational evolving structures
      • Here we briefly described how organizations form, work together, and change over time with acquisitions and mergers.
      • The point that was made here is that in order for those entities to be able to provide the services or solutions they provide, they need to be able to seamlessly collaborate through SharePoint.

    Then we listed a few market challenges that may delay or stop organizations from extending SharePoint access to external users:

    • The increasing SharePoint adoption as mentioned above
    • The increasing number of applications we access on a daily basis as mentioned above
    • The increasing number of devices we use to collaborate and work
    • The various authentication methods we use to access our applications. Some may use a generic form-filled username and password while others may use more advanced federated approaches or Windows authentication.
    • The ongoing demand for governance and monitoring of external users’ access and changes to the SharePoint environment

    And finally we introduced the features that ought to be in a complete solution that would allow us to extend SharePoint to external users. And on this subject we mentioned the solution needs to provide:

    • Single sign-on capabilities that would allow external users to initiate an authentication event either into SharePoint or into any of the other applications without the need to re-enter credentials as they hop across applications.
      • The solution presented here is Dell One Identity Cloud Access Manager and its ability to act as a centralized hub that provides web single sign-on and connects all types of users with the applications or sections of the applications they need access to.
    • Security measures that provide consistent rule and role based access to SharePoint and other applications regardless of the applications’ authentication methods so external users only see what they are given access to and can take actions against that same content.
      • The solution presented here was also Dell One Identity Cloud Access Manager with its flexible yet role based support for the entire population of application authentication methods.
    • Access and activity reporting, management, and governance that would allow organizations to track who from the external users’ list is logging into their environment and what content they are touching.
      • The solution presented here was Dell Site Administrator for SharePoint and its ability to report on and enable management of SharePoint activity, permissions, and content growth.
    • Audit enforcement and compliance policies to ensure proactive notifications of what external users are accessing.
      • The solution presented here was Dell Change Auditor for SharePoint as it provides proactive alerting on delta changes on either content or permission structures.
    • An easy to use interface
      • We hope that all of the above mentioned solutions have been engineered with end users in mind to provide an easy to use, intuitive interface.

    Extending SharePoint to external users is inevitable in today’s market. Today SharePoint offers a wide range of capabilities, organizations are collaborating in smarter ways than ever before, and the list of application pools we access is getting larger. Sure, there are challenges that may stop or delay us from opening up SharePoint content and access to external users, such as security and compliance concerns, but there are solutions that can help us along the way, and Dell Software provides end to end solutions around all of these challenges.

    Look back at your environment and start thinking about the frequency in which you get asked to extend SharePoint to external users. Are those requests increasing or decreasing? What is stopping you from extending SharePoint to external users? Do you have security concerns, or compliance concerns? Do you have any published guidelines for how to extend SharePoint access? Do you monitor or audit such access? Do you have other social means of collaboration? Do you use other collaboration software such as Google Docs, Dropbox, Box.net, or Yammer?

    And as you try to find answers to the above common concerns and as you try to lay a foundation for a solution, please reach out to us here at Dell Software, as we've worked together with many organizations in the past that have had similar challenges.