Key Issues for Identity and Access Management, 2008



Transcription:

Research
Publication Date: 7 April 2008
ID Number: G00157012

Key Issues for Identity and Access Management, 2008

Ant Allan, Earl Perkins, Perry Carpenter, Ray Wagner

Gartner identity and access management research covers products, strategies and services, such as identity administration, access management and transaction assurance, which embed security into business processes.

Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

ANALYSIS

Topic Definition and Scope

Identity and access management (IAM) is the set of processes and technologies to manage across multiple systems for all users inside and outside the organization:

- Users' identities: each an identifier and a set of attributes
- Users' access: interactions with information and other assets

Gartner research in this area is organized around four major Core Topics: IAM Program Management, Identity Management, Identity Verification and Access Management.

Security issues, such as risk management, threat and vulnerability management, and business continuity and disaster recovery management, are addressed by other security focus areas (see "Role Research Agenda for Security and Risk Management, 2007" and " for Infrastructure Protection, 2008").

Target Audience

Gartner IAM research applies directly to IT professionals in many roles, including:

- Chief information security officer
- Chief privacy officer
- Chief risk officer
- Chief security officer
- Senior business analyst
- HR manager
- IT manager
- Network security analyst
- Security/audit/risk project manager
- IT auditor

This research applies to all public, private and nonprofit industry segments and all organization sizes, and is global in scope.

Efficiently and Effectively Managing Users' Identities and Access Contributes to Business Agility and Performance

IAM is a recognizable discipline in information security that encompasses a range of enterprise tools and technologies in a distinct architecture supporting a set of interrelated processes. The three main business drivers for IAM solutions are security efficiency (lower costs and improved service), security effectiveness (including regulatory compliance) and business agility and performance (including workforce effectiveness and customer convenience).

IAM technologies can be grouped into five classes:

- Directory technologies
- Identity administration
- Identity audit and assurance
- Identity verification
- Access management

Most organizations must orchestrate at least one tool from each class for a full IAM solution. Technologies not traditionally part of IAM can contribute.

Of Gartner's four Core Topic areas (IAM Program Management, Identity Management, Identity Verification and Access Management), three focus on the major technology areas. The other focuses on managing IAM programs.

High-Level

- How can organizations establish effective IAM governance?
- What is needed to develop IAM architecture and improve IAM process maturity?
- How can organizations develop a long-term vision and a plan for IAM?
- What are the most effective technologies, standards and best practices for IAM?
- Who are the leading providers of IAM products and services, and what are their key offerings, differentiators and strategies?
- How is the market for IAM evolving in new technologies, market trends and drivers, and user requirements?

Core Topics

IAM Program Management

A broad, integrated IAM solution must be founded on:

- A consistent, mature architecture
- A conduit for gathering, translating and communicating business and regulatory needs from the business to policy teams and IT functional groups, that is, policy and controls
- Well-defined and mature processes

Each perspective has some overlap with the other two, and an IAM program must successfully service and integrate all three.

IAM program activities span three major phases:

- Planning: This phase is broken down into three parts: strategizing, organizing and annual planning. A successful IAM program must have well-defined vision, objectives and priorities in a clearly stated scope.

- Building: This is done via the three perspectives on IAM. Activities should be performed in appropriately prioritized projects and project phases (defined in the planning phase).
- Running: This phase contains continuous activities, that is, the identity, access model and workflow processes.

The last element of an IAM program is governance. IAM can make a significant contribution to information security as a governance function, but IAM also is a function to be governed. A governance structure for IAM may be modeled on committees and reporting relationships that the business has established to govern the entire IT function or information security. Because of the strong business focus of IAM, business units and identity-related infrastructure functions, such as HR, may take on greater responsibility and accountability for IAM activities than for other information security activities.

- How can organizations establish effective IAM governance?
- What is needed to develop IAM architecture and improve IAM process maturity?
- How can organizations develop a long-term vision and a plan for IAM?

Recent Research

- "A Decision Framework for Initial Identity and Access Management Planning"
- "Hype Cycle for Identity and Access Management Technologies, 2007"
- "Hype Cycle for Compliance Technologies, 2007"
- "The Enterprise Governance, Risk and Compliance Platform Defined"
- "Cost Cutting in Enterprises, and Six Ways Identity and Access Management Programs Can Help"

Identity Management

Organizations face the challenge of managing the multiple identities of their employees, business partners and customers, along with their attributes and access rights, effectively and efficiently across multiple systems. Furthermore, organizations must be able to provide assurance that they are doing so.

Identity administration tools focus not only on the administration function (primarily, the administration of users' multiple identities, attributes and credentials across heterogeneous environments) but also the administration of access model constructs, such as roles and resource access control information (such as access control lists). User-provisioning and password management are the most mature tools in identity management, but alone they are not sufficient for a full-blown identity administration solution: They must be augmented by role management and resource access administration capabilities.

Identity audit and assurance encompasses documenting, reviewing and approving workflow, identity information and access controls (roles, segregation of duties rules and entitlements) for business applications and associated infrastructure components. Identity audit and assurance is crucially important to IAM governance in general, and regulatory compliance in particular.

We are seeing increased blurring of the lines between identity administration and identity audit and assurance tools. In particular, role management for enterprises tools and identity auditing or "identity governance" tools have significant overlap in functionality, and, along with user-provisioning tools, are key technologies for IAM governance.

- What are the most effective technologies, standards and best practices for identity management?
- Who are the leading providers of identity management products and services, and what are their key offerings, differentiators and strategies?
- How is the market for identity management evolving in new technologies, market trends and drivers, and user requirements?

Recent Research

- "Magic Quadrant for User Provisioning, 2H07"
- "Managing Identity Matures"
- "Security Information and Event Management Complement Identity and Access Management Audits"
- "Security Considerations and Best Practices for Securing Virtual Machines"
- "Radically Transforming Security and Management in a Virtualized World: Concepts"
- "Radically Transforming Security and Management in a Virtualized World: Considerations"

Identity Verification

It is critical that an organization be able to verify, with an appropriate level of confidence, who it is allowing to access its systems. However, this must be balanced with ease of use, because end users overwhelmed by security requirements may behave in ways that reduce security. Besides the issues directly related to authentication, the Identity Verification Core Topic focuses on how authentication, or authenticated identities, and other identity information can be brokered among diverse target systems or domains.

Identity verification tools encompass all aspects of real-time authentication: identity proofing (a precursor to provisioning an identity), authentication methods and their supporting infrastructures, as well as technologies for brokering authentication and authenticated identities and attributes across heterogeneous environments.

- What are the most effective technologies, standards and best practices for identity verification?
- Who are the leading providers of identity verification products and services, and what are their key offerings, differentiators and strategies?
- How is the market for identity verification evolving in technologies, market trends and drivers, and user requirements?

Recent Research

- "A Taxonomy of Authentication Methods"
- "Magic Quadrant for Enterprise Single Sign-On, 2007"
- "Active Directory and Unix Integration: Options for Reduced Sign-on and Administration"
- "Options for Single Sign-On to SaaS Applications"
- "Ways of Integrating New Authentication Methods Within a Heterogeneous Environment"

Access Management

Organizations must control access to systems and content so that end users can contribute to business performance without compromising security. Centralizing policy administration and decision points improves consistency and ease of management.

Although access management tools have administration capabilities, their distinctive focus is on authorization. Access management tools enforce access control policy (or policies) across heterogeneous environments.

- What are the most effective technologies, standards and best practices for access management?
- Who are the leading providers of access management products and services, and what are their key offerings, differentiators and strategies?
- How is the market for access management evolving in new technologies, market trends and drivers, and user requirements?

Recent Research

- "Magic Quadrant for Web Access Management, 2H07"
- "Tear Down Application Authorization Silos With Authorization Management Solutions"
- "Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure"

RECOMMENDED READING

- "Identity and Access Management Technologies Defined, 2008"
- "Developing IAM Best Practices"
- "Consider Identity and Access Management as a Process, Not a Technology"
