1 Introduction... 2 2 Product Description... 2 3 Strengths and Challenges... 4 4 Copyright... 5



Similar documents
ObserveIT User Activity Monitoring

EXECUTIVE VIEW. EmpowerID KuppingerCole Report. By Peter Cummings October By Peter Cummings

NextLabs Rights Management Platform

EXECUTIVE VIEW. Centrify Identity Service. KuppingerCole Report. by Martin Kuppinger January 2015

EXECUTIVE VIEW. CA Privileged Identity Manager. KuppingerCole Report

1 Introduction Product Description Strengths and Challenges Copyright... 5

EXECUTIVE VIEW. SecureAuth IdP. KuppingerCole Report

Protecting the keys to your kingdom against cyber-attacks and insider threats

VENDOR REPORT by Martin Kuppinger April Atos DirX. KuppingerCole

An Oracle White Paper January Access Certification: Addressing & Building on a Critical Security Control

Identity & access management solution IDM365 for the Pharma & Life Science

Oracle Role Manager. An Oracle White Paper Updated June 2009

secure user IDs and business processes Identity and Access Management solutions Your business technologists. Powering progress

Identity and Access Management

Business-Driven, Compliant Identity Management

ADAPTABLE IDENTITY GOVERNANCE AND MANAGEMENT

Business-Driven, Compliant Identity Management

Security management White paper. Develop effective user management to demonstrate compliance efforts and achieve business value.

RSA Via Lifecycle and Governance 101. Getting Started with a Solid Foundation

C21 Introduction to User Access

Cloud User and Access Management

Kuppinger Cole Virtual Conference The Three Elements of Access Governance

How can Identity and Access Management help me to improve compliance and drive business performance?

ORACLE FUSION HUMAN CAPITAL MANAGEMENT

How to leverage SAP NetWeaver Identity Management and SAP Access Control combined solutions

BUSINESS-DRIVEN, COMPLIANT IDENTITY MANAGEMENT USING SAP NetWeaver IDENTITY MANAGEMENT

Identity Management Basics. OWASP May 9, The OWASP Foundation. Derek Browne, CISSP, ISSAP

Enterprise Identity Management Reference Architecture

RSA Identity Management & Governance (Aveksa)

Sun and Oracle: Joining Forces in Identity Management

KuppingerCole Product Research Note. Virtual Forge CodeProfiler. by Prof. Dr. Sachar Paulus March 2012

Identity and Access Management Point of View

SAM Enterprise Identity Manager

Quest One Identity Solution. Simplifying Identity and Access Management

SIEM and IAM Technology Integration

Governed Migration using Dell One Identity Manager

Select the right solution for identity and access governance

<Insert Picture Here> Oracle Identity And Access Management

SOLUTION BRIEF Improving SAP Security With CA Identity and Access Management. improving SAP security with CA Identity and Access Management

Key Issues for Identity and Access Management, 2008

Compliance & SAP Security. Secure SAP applications based on state-of-the-art user & system concepts. Driving value with IT

Identity Management with midpoint. Radovan Semančík FOSDEM, January 2016

Application Test Management and Quality Assurance

WHITEPAPER OpenIDM. Identity lifecycle management for users, devices, & things

ORACLE FINANCIAL SERVICES ANALYTICAL APPLICATIONS INFRASTRUCTURE

Trust but Verify: Best Practices for Monitoring Privileged Users

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform

Identity and Access Management (IAM) Across Cloud and On-premise Environments: Best Practices for Maintaining Security and Control

IBM Software Group. Deliver effective governance for identity and access management.

ASG CloudFactory IT Transformation with Cloud Orchestration and Service Delivery Automation TECHNOLOGY TO RELY ON

Oracle Fusion Human Capital Management Overview and Frequently Asked Questions

Introductions. KPMG Presenters: Jay Schulman - Managing Director, Advisory - KPMG National Leader Identity and Access Management

Dell One Identity Manager Scalability and Performance

SAP Solution in Detail SAP NetWeaver SAP NetWeaver Identity Management. Business-Driven, Compliant Identity Management

Enhance Performance Management Reporting

The Unique Alternative to the Big Four. Identity and Access Management

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

Oracle Identity Management: Integration with Windows. An Oracle White Paper December. 2004

Five Cloud Strategy Must -Dos for the CIO

Achieving Sarbanes-Oxley Compliance with Oracle Identity Management. An Oracle White Paper September 2005

Identity and Access Management Memorial s Strategic Roadmap

IAM can utilize SIEM event data to drive user and role life cycle management and automate remediation of exception conditions.

An Oracle Best Practice Guide April Best Practices for Designing Contact Center Experiences with Oracle RightNow CX Cloud Service

1 Introduction to Identity Management. 2 Identity and Access Needs are Ever-Changing

Business Process Management The Key to ITIL Success

An Oracle White Paper January Oracle Identity Manager Business Overview

midpoint Overview Radovan Semančík December 2015

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Accelerate Your Enterprise Private Cloud Initiative

Identity & Access Management Gliding Flight. Paolo Ottolino PMP CISSP ISSAP CISA CISM OPST ITIL

Streamlining Identity and Access Management through Unified Identity and Access Governance Solutions

Top Eight Identity & Access Management Challenges with SaaS Applications. Okta White Paper

Leveraging Oracle Consulting to Implement Identity Management at Cisco

Gain control over all enterprise content

SUN IdM: Migrate with Confidence. SDG IAG Practice: Global Technology Solutions

Access Management and Federation

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Identity Access Management Challenges and Best Practices

Oracle Identity Management Concepts and Architecture. An Oracle White Paper December 2003

LEADERSHIP COMPASS by Martin Kuppinger January Enterprise Single Sign-On. KuppingerCole Report

Five Tenets of Modern Procurement Move Source-to-Pay to the Cloud

Resolver GRC Cloud. Innovation in User Experience for Enterprise GRC SOLUTIONPERSPECTIVE. September 2015

9 tips for a successful Identity and Access Management project implementation

Life Management Platforms: Control and Privacy for Personal Data

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

Research. Identity and Access Management Defined

Statement of Direction

The Four "A's" of Information Security

ORACLE FUSION MIDDLEWARE PROFILE

Transcription:

KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger April 2015 ITMC, a Danish vendor, delivers a comprehensive solution for Identity Provisioning and Access Governance with its IDM365 product. The product works in a task-centric way with a modern UI, backed by ITMC s long experience in implementing IAM&IAG in an efficient way. by Martin Kuppinger mk@kuppingercole.com April 2015 Content 1 Introduction... 2 2 Product Description... 2 3 Strengths and Challenges... 4 4 Copyright... 5 Related Research #71,134 Advisory Note ABAC done right #71,185 Advisory Note Redefining Access Governance #70,839 Advisory Note Identity & Access Management/Governance Blueprint Report No.: 71289 Page 1 of 6

1 Introduction Danish company ITMC is a software vendor that was founded by a number of persons with deep backgrounds in IAM system integration. Their product, IDM365, focuses on simplifying both deployment and use of IAM and IAG (identity and Access Management/Governance) infrastructures, particularly by delivering a strong set of out-of-the-box concepts and processes combined with a modern UI, thus reducing the need for long-running and costly implementation projects. With its current feature set, the product fits well into the Identity Provisioning and Access Governance market segments. Identity Provisioning still is one of the main segments in IAM/IAG, allowing customers to automate changes in target systems, based on request & approval workflows and connectors to these systems. Even while it is rare for all target systems to be connected directly, Identity Provisioning helps in automating changes for systems with a large number of managed identities as well as in setting up a standard process for identity lifecycles and coarse-grained access management for systems. Such a standardized, traceable process is mandatory for high risk systems. Access Governance, on the other hand, adds the governance level, including analysis, recertification, and related capabilities. Even while a good process might be in place, there remains the risk of mistakes such as forgetting to revoke access entitlements that are no longer required. Here is where Access Governance comes into play. Both capabilities are indispensable elements for an IAM/IAG infrastructure. IDM365 provides an integrated solution covering everything from the basic Identity Provisioning workflows to policy-based access management and access reviews. While the company has a background in a number of industries, there is no particular industry focus in the product and the standard concepts implemented therein. 2 Product Description IDM365 is an integrated solution covering both Identity Provisioning and Access Governance. A primary focus is on integrating business users into the IAM/IAG processes, such as access requests, approval, and recertification of access. This is in sync with the overall evolution of IAM/IAG from a technical discipline to one that enables businesses to manage the entitlements of their users, internal and external ones, while meeting ever-growing regulatory requirements. The product encompasses a modern, task-oriented UI that is very intuitive to use, which can be customized and extended. A unique feature is the integrated video tutorials for certain functions, in sum over 40 videos. On request, ITMC delivers translations into languages other than English. Additionally, there is task-centric background information available, making it easy for users to start with the product. The UI also provides self-service capabilities, allowing, e.g., business users to request access for other users or to on-board or off-board external users. Based on the UI, all common features of Identity Provisioning and Access Governance are available. In the background, there are rule-based workflows that also can be adapted to the customer s requirements. Report No.: 71289 Page 2 of 6

Access can be managed based on roles and job functions, but also by requesting access to certain resources. Roles can be derived from existing information such as SAP data, Microsoft Dynamics, and other systems. However, roles also can be defined manually, if a top-down approach which KuppingerCole clearly favors is in place. A shortcoming (which is also found in a number of other products in this area) is that there are no standard processes for approving role creation and changes. However, such workflows can be implemented as part of customization. In general, supporting approval workflows at all levels is part of the concept. Furthermore, the product also supports definition of SoD rules with a high degree of flexibility of enforcement, i.e. allowing to both mandatorily enforce these and restrict access or allow access under defined compensatory controls. Both accounts and access for particular entitlements can be limited for a defined period. That allows for better control of access of external users, but also for access to critical resources. Another interesting feature in that context is scheduled on- and off-boarding of users. Furthermore, the system supports standard features such as Deputy Management (i.e., Delegation) for handing over tasks to other users in a controlled way. Also worth mentioning are some of the additional tools, which are available as part of the product. The User Data Cleanup tool allows analyzing existing data before setting up the IDM365 infrastructure and connecting systems, e.g. for identifying orphaned accounts. The Data Organize tool supports organization of cleansed data to start role and job function modeling. Aside from the common recertification tasks, there are a number of reporting capabilities. IDM365 provides a variety of capabilities in that area, from a complete audit trail to integrated business intelligence capabilities up to tailored automated documentation for specific regulations such as SOX, CoBIT, and others. As usual, reports can be customized as required. When looking at deployment, the IDM365 server infrastructure looks quite complex at first sight. There are six dedicated server roles required. However, in virtualized environments it isn t that complex to set up such backend infrastructures. The product runs on Windows, as many of today s IAM products do. The front end layer is clearly segregated and can be customized individually. The GUI uses web services to access a unified data store which builds the integration layer to the backend infrastructure. On the other end, a number of systems are supported out-of-the-box. This includes the common backend systems such as Microsoft Active Directory and other Microsoft server products, but also SAP BI and other SAP systems, Oracle databases, and other systems. While the list of connectors is still relatively small compared to other vendors in that market, the conceptual approach allows for rapid integration with backend systems. Furthermore, beside the role-based access controls (RBAC) concepts mentioned above, IDM365 also allows for deeper integration and support for ABAC (attribute-based access control). ITMC also offers further integration, e.g. to mobile device management environments and other platforms on demand. An ITSM (IT Service Management) style service catalogue is already available as part of the product offering. Report No.: 71289 Page 3 of 6

3 Strengths and Challenges Overall, IDM365 is a well thought-out offering in the Identity Provisioning and Access Governance market with an intuitive, leading-edge user interface (UI) design. Also convincing are the conceptual approaches for IAM/IAG, focusing on integration of business users and self-service. The product shines with a number of other features such as integrated data cleansing capabilities, integrated learning videos for end users, and automated creation of documentation for certain regulations. It is very obvious that the product has been created by an experienced team of IAM professionals with strong expertise in real-world deployments of IAM solutions the sum of well though-out concepts is convincing. While this strong conceptual approach provides a clear benefit for most customers, some might struggle with these concepts. However, on one hand the product is quite flexible in customization and on the other hand, sometimes there is over-customization following a strong standard approach commonly is beneficial to most customers. Among the shortcomings of the product is the still rather small number of connectors. Many customers will expect more out-of-the-box connectors including support for common cloud services. While they APIs for interfacing with IDM365 are exposed, there is an obvious need for adding more standard connectors. Another challenge is the fact that ITMC still is a quite small vendor with a relatively small partner ecosystem. This is another area in which the company has to invest: Building a partner ecosystem on global scale. Strengths Modern, intuitive UI for access by business users, supporting a high degree of selfservices Support for standard processes and concepts of IAM/IAG, allowing for rapid deployment and reduced project risks Support for RBAC and ABAC; roles and job functions supported for granting access Flexible assignment of entitlements, timerestricted entitlements and accounts Strong reporting capabilities, including automated reporting to regulatory compliance requirements Challenges Small number of out-of-the-box connectors, but support for a number of important systems and well-documented APIs Still a small vendor with a rather small partner ecosystem, no global scale yet Only available on Windows platform, requires a number of servers Report No.: 71289 Page 4 of 6

4 Copyright 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them. Report No.: 71289 Page 5 of 6

The Future of Information Security Today KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business. KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eid cards, Cloud Security and Management, and Virtualization. For further information, please contact clients@kuppingercole.com Kuppinger Cole Ltd. Sonnenberger Strasse 16 65193 Wiesbaden Germany Phone +49 (211) 23 70 77 0 Fax +49 (211) 23 70 77 11 www.kuppingercole.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information