Product Group Tests
Identity management (2010)
Fischer Identity provides powerful identity management for an excellent price. Our Best Buy.
For its strong features, flexibility and ease of use we rate Quest One Identity Solution Recommended.
Full Group Summary
Another convergence is on the way with regards to identity management products. Peter Stephenson investigates.
Many of the identity management products we looked at this month are beginning to look like something more. The emphasis is increasingly, on the total account management lifecycle. As one would expect, there are a couple of interesting twists.
For example, there was a time, still is in some organisations, where Windows and Unix/Linux was so different that they could not be united. However, even die-hard '*nix-ers' are now acknowledging that for some parts of the enterprise Windows is likely to rule the roost. That means that these large-scale servers, often housing large databases, must for efficiency's sake authenticate through some unified mechanism. In the MS Windows world that is likely to be Active Directory. If you want to use Microsoft you have to play by its rules, and many of the products we looked at that recognise *nix are doing exactly that.
The identity management solutions that we reviewed exhibited increased maturity, which tells us that the evolution of these products is continuing. That is good news for our industry but it can make selecting a product a bit more challenging.
We almost always caution that you should understand your environment and needs thoroughly before you go shopping. You need to analyse what the product needs to do in your environment.
This approach is even more important with this year's batch because there are some products experiencing more functionality convergence and some demonstrating less. You really must be sure of what you need and you really must think hard about what it means to move from a single-purpose solution to a more multipurpose one that supplants the single-purpose offering you are using currently. The impact of such a change can be significant without proper advance planning and understanding the problems that you need to solve.
Overall, we found that this year's crop added a form of single sign-on and account provisioning to the traditional identity management functions. Both of these have been with us for a while, but a few of the products are beginning to address the entire account management lifecycle.
Single sign-on does not always mean single sign-on, as at least one product in this test was quite traditional. You use a single password (or token) to log into any of the resources to which you have access. However there are subtleties as well. For example, one product allows you to proxy a login for sensitive accounts, so that if you remove a privileged user you do not have to change the account login because it is never really known except by the account manager.
Managing accounts, users and identity data, along with provisioning, can be very challenging in a large enterprise. For example, how are you going to provision users across a global network with dozens of locations and thousands of workers? Add the complexity of needing some of those users, but not all, to use tokens for authentication and you ask yourself if self-provisioning is really the answer.
To what granularity do you need universal account management? Is network login enough or do you need to get to the application level? All of these questions and more enter into your choice of products.
To these identity management specifics we must add the more generic issues of support - both within the organisation and the quality of assistance offered by the vendor.
Internal support, often the help desk, can be critical to keeping resources accessible to the users. However, resource access is usually on a 24/7 basis, so does your selected vendor offer that level of help to back up your internal resources if necessary? Finally, is support universally and evenly available for all of your locations?
Overall, we found that the product group we looked at this year were a sort of cream of the crop from previous years. These solutions are fascinating and in times of increased regulatory requirements, fighting reduced resources and increasing network complexity with a growing threat environment, products such as these will become the rule rather than the exception that they might have seemed in the past.