NETWORK WORLD NEWSLETTER: DAVE KEARNS ON IDENTITY MANAGEMENT 11/03/04 Today's focus: Are we looking for network management for identity?
Dear [EMAIL PROTECTED], In this issue: * What if software, apps and services had their own management ��information base for audit controls? * Links related to Identity Management * Featured reader resource _______________________________________________________________ This newsletter is sponsored by NetScout The deployment of VoIP is well underway and unstoppable, but the implementation and ongoing support is extremely challenging. To successfully support VoIP and other demanding applications, IT organizations need to change their approach to network management. Learn about readiness assessment, design and ongoing management in the Network World Special Report: Recommendations for Implementing and Managing Converged Networks. http://www.fattail.com/redir/redirect.asp?CID=85918 _______________________________________________________________ NW TECHNOLOGY INSIDER: STORAGE ILM With real benefits in terms of saving money and making business run more smoothly, information lifecycle management deserves a closer look. In this in-depth technology review, we profile users who are on the cutting edge of ILM and describe how ILM can be one of the building blocks of the new data center. Click here: http://www.fattail.com/redir/redirect.asp?CID=86082 _______________________________________________________________ Today's focus: Are we looking for network management for identity? By Dave Kearns Last week I met with David Frogel and Deb Pappas from Courion, along with Mark Ford from Deloitte & Touche's Enterprise Risk Services practice. We were talking about the recent joint agreement (which I mentioned last issue) to bring about a very close working relationship between the two organizations. In particular, Frogel talked about how Courion's PasswordCourier and ComplianceCourier products brought a lot of value to D&T's enterprise identity management offerings. Ford and Pappas, of course, just wanted to talk about the Red Sox. (That's humor, folks. Really!) In expanding on the benefits of the Courion offerings, Ford said that it was like "network management for identity." I paused for a second or two, and then asked if he was suggesting that what we need is something like SNMP, traps, monitors and MIBs for identity. Alas, Ford isn't an old network manager like I am, so he simply looked quizzical. But when I explained Simple Network Management Protocol (SNMP), trapping and Management Information Bases (MIB) he began to understand. (MIB is a database of managed objects accessed by network management protocols. An SNMP MIB is a set of parameters that an SNMP management station can query or set in the SNMP agent of a network device, such as a router.) Much of the identity management activity these days involves regulatory compliance, logs and auditing. Reading through audit logs is brain-numbing activity. Companies such as Courion (with its ComplianceCourier), Thor and Oblix are enabling the automated searching of audit logs, as well as providing agents that audit services and applications on their own. But suppose software, applications and services had their own "management information base" for audit controls. Who better to know what and how to audit than the vendor that creates the service or application? Likewise, who better than the vendor to realize which activities should be trapped, flagged, logged and identified to security or compliance personnel? The MIB, though, would allow each organization to determine the prioritization of the trappable activities. This would let identity management vendors, such as Courion, concentrate on building the hardened, secure management consoles needed to monitor and control the activities of users, apps and services to judge compliance and to signal problems. This isn't something that one vendor (or one newsletter writer, for that matter) can launch on its own. It'll require cooperation from identity management vendors, as well as those whose products need to be monitored for regulatory compliance. Still, the need is great and the deadlines are near. Non-compliance can mean real penalties - up to and including jail time - for those who are covered by the regulations, which is just about everyone except subsistence farmers. The IETF process takes too long. The OASIS method leaves much to be desired. Perhaps an ad-hoc group such as the Liberty Alliance is what's needed. Not, I hasten to add, that Liberty should take on the task (it has a number of changes to assimilate as it is, which I'll cover next week) but that a new group of vendors, regulated industries and software creators that need to be audited should come together and forge a standard. I'll come back to this in a couple of weeks to give you the time to offer your suggests, comments or criticisms. Let the e-mails roll! ______________________________________________________________ To contact: Dave Kearns Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill <http://www.vquill.com/>. Kearns is the author of three Network World Newsletters: Windows Networking Tips, Novell NetWare Tips, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>, <mailto:[EMAIL PROTECTED]>. Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail at <mailto:[EMAIL PROTECTED]> _______________________________________________________________ This newsletter is sponsored by NetScout The deployment of VoIP is well underway and unstoppable, but the implementation and ongoing support is extremely challenging. To successfully support VoIP and other demanding applications, IT organizations need to change their approach to network management. Learn about readiness assessment, design and ongoing management in the Network World Special Report: Recommendations for Implementing and Managing Converged Networks. http://www.fattail.com/redir/redirect.asp?CID=85917 _______________________________________________________________ ARCHIVE LINKS Breaking identity management news from Network World, updated daily: http://www.nwfusion.com/topics/directories.html Archive of the Identity Management newsletter: http://www.nwfusion.com/newsletters/dir/index.html _______________________________________________________________ FEATURED READER RESOURCE NW CLEAR CHOICE TESTS The Network World Lab Alliance is a coalition of industry experts, network integration consultants, independent test labs and universities who conduct single-product reviews and head-to-head comparative tests in real enterprise network settings. Find out which products get the "thumbs-up" in categories such as web front-end devices, WLAN security, anti-spam and more at: <http://www.nwfusion.com/reviews/> _______________________________________________________________ May We Send You a Free Print Subscription? You've got the technology snapshot of your choice delivered at your fingertips each day. Now, extend your knowledge by receiving 51 FREE issues to our print publication. Apply today at http://www.subscribenw.com/nl2 International subscribers click here: http://nww1.com/go/circ_promo.html _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: <http://www.nwwsubscribe.com/Changes.aspx> To unsubscribe from promotional e-mail go to: <http://www.nwwsubscribe.com/Preferences.aspx> To change your e-mail address, go to: <http://www.nwwsubscribe.com/ChangeMail.aspx> Subscription questions? Contact Customer Service by replying to this message. This message was sent to: [EMAIL PROTECTED] Please use this address when modifying your subscription. _______________________________________________________________ Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: <mailto:[EMAIL PROTECTED]> Inquiries to: NL Customer Service, Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 For advertising information, write Kevin Normandeau, V.P. of Online Development, at: <mailto:[EMAIL PROTECTED]> Copyright Network World, Inc., 2004 ------------------------ This message was sent to: [EMAIL PROTECTED]
