Product Group Tests
Identity management (2009)February 01, 2009
Great value for the money, solid capability and ease of management win Quest One Identity Solution our Best Buy rating.
Tight integration makes Passlogix v-GO Access Accelerator Suite a solid product. We rate it Recommended.
The identity of this category has been a bit blurred, covering as it does so many functions. Things seem to be firming up, though, says Peter Stephenson, with six varied products to review this month.
Identity management has been a fuzzy term, encompassing a lot of different functionality. That said, the functionality that ID management products provide has been increasing and a picture may at last be emerging of what really is meant by identity management.
This month we have reviewed products ranging from simple single sign-on to full-featured appliances that cover all of the functionality currently thought of as required for a solid ID management product. However, the nature of the functionality still seems loosely-defined: some products included provisioning, single sign-on and authentication; others added session managers and a shared account manager.
In 2007, Gartner research vice-president Ant Allan grouped identity management into: directory technologies, identity administration, identity auditing, identity verification and access management. Systems, says Allan, must exhibit administration, authentication, authorisation and auditing functionality.
The question, then, is: what really is required in an ID management system? Certainly provisioning is a must. And, for example, single sign-on has become de rigueur. Once, pundits said SSO was not practical. Today, lack of SSO weakens an ID management product that aims to be full-featured.
Buying identity management
As with any product, you really need to do a thorough analysis of your requirements. That may include determining what products you use currently that might need to integrate with the ID management system. Certainly, it is useful to compare Allan's groupings with your product choice. How are you managing identities and access control now? Are there solid policies and procedures in place that you will need to automate without losing functionality? Or, perhaps, are your policies and procedures less than robust? That can be a blessing in disguise because you can build appropriate policies and procedures to fit the products you have under consideration.
Once you understand the environment in which you will implement ID management, ask the really tough question: do you need to automate at all? All these products require some dedication to their implementation so if you don't need the functionality, don't cause yourself the pain of building a system you could do without.
Indicators to consider in ID management include size of the organisation, its geographic dispersal, and the number of applications or systems that your users need access to. If the nature of that access is disparate (ie not everyone has the same access needs), you may be a candidate for an ID management system. Wide geographic dispersal and large size are indicators, too. If you are a multinational, make sure there are no restrictions in host countries against the type of implementation you envision.
If you only need some of the functionality of a full-featured product, look closely at the software product suites. These have lots of functionality in discrete modules and can be a real bargain if you don't need the whole enchilada.
If you are starting from scratch, you may want to look at a full-featured appliance. Don't discount the software suites, though. They are increasingly complete and offer flexibility.
How We Tested
This was a straightforward month in the lab. We focused on ease of implementation and administration, because in large enterprises these two features offer the greatest challenges. User provisioning was very important as well - for those products that offered that functionality - because the closer one can get to self-provisioning, the easier the overall management of the system.
We were concerned with supportability as well. Strong support packages and a good support website are critical, because ID management is not a 9 to 5, five-day a week function. When the ID management system stops working, the company is on its knees until everything can be brought back online. In some respects, identity management represents a potential single point of failure for an entire organisation. If workers can't access network resources, the business of a modern organisation grinds to a halt. That calls for a good support structure shared between vendor and customer.
A final word regarding value for money. Ultimately, we were concerned about overall cost of ownership throughout the lifecycle. It meant that pure cost of products was only one factor in determining value.
All products in this group test
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Microsoft update left Azure Linux virtual machines open to hacking
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- ICYMI: CEO Sacked; MS Zero-day; Passwords dropped; Ransomware wild, charging hack
- 9.2 million medical records for sale on darkweb
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry