IAM: Key concepts and predictions for 2011

E-Guide

This expert e-guide discusses key trends that will significantly impact identity and access management concepts in 2011, and highlights the critical questions any organization must ask when selecting an IAM product.

Identity and access management concepts and predictions to watch in 2011

At Forrester Research Inc., we've heard from many of our clients that security is still the top driver behind the use of identity and access management tools. But we've also seen an interesting shift since 2009: IT administration efficiency is now the second most common motivator, with 30% of respondents from a recent Forrester survey weighting this efficiency above regulatory compliance. Business agility is also a new factor, as business owners increasingly look to security professionals to solve business problems.

Despite increased spending, security and risk professionals continue to face tough vendor selection decisions due to customization and user-friendliness requirements. Additionally, recent vendor acquisitions have left a wake of ongoing repercussions, such as Oracle Corp.'s acquisition of Sun Microsystems and its Identity Manager product, which effectively killed the Sun OpenSSO Web single sign-on project without providing an open source alternative. This has forced many enterprises to migrate to Oracle Identity Manager from Sun Identity Manager without any usable migration tools, undoubtedly a difficult process.

Given these shifts, Forrester is predicting a few key trends that will affect identity and access management concepts in 2011 and beyond:

Prediction 1: Business agility will continue to rise in importance

Many security professionals stopped using access recertification tools -- which aid comparative analysis to determine if user access rights are valid and/or necessary -- on a periodic basis, recognizing that compliance is more than just generating a huge stack of audit records. Instead, they're providing continuous compliance to auditors by understanding how users obtain access to an application, offering the ability to perform access recertification outside of campaign cycles.

Supporting this idea, access recertification has been gaining ground, even without direct provisioning. Additionally, business-friendly user interfaces, risk scoring, usage-pattern highlighting and pattern recognition all point in this direction.

Prediction 2: Data security will come to depend on IAM

The recent WikiLeaks drama is a perfect example of the importance of information asset control and protection. The debacle could have been prevented, not only by tighter and more context-sensitive access control of applications, but also by preventing easy access to need-to-know information. Today, we're already seeing Web single sign-on, entitlement management, user account provisioning and access recertification adding features that support integration of data asset control with identity lifecycle management.

Prediction 3: Mobile devices will need to be managed via IAM systems

Today, mobile phones often act like portable PCs: They're being used to store sensitive data, to access business and personal applications, and to submit and approve access requests. On top of this, many users are opting to use thick-client applications (like a CRM application for their sales forces) from their mobile devices. Given the evolving mobile environment, security professionals will have several issues to consider, such as rethinking how to control access to corporate applications when users are signing on from a mobile browser, and applying identity access management features to mobile phones. While today's IAM tools are hardly mobile-browser friendly, expect this to change in IAM vendors will likely add -based, fast track approvals and the ability to spawn sessions for system administration from a mobile device.

Prediction 4: IAM in the cloud will provide more than just access control

In 2011, Forrester is expecting a variety of vendors to provide trusted broker services for enterprise access to Software as a Service (SaaS) applications with single or reduced sign-on. This will likely mean access control to SaaS applications will expand into provisioning, access recertification and role management.

Additionally, we're expecting organizations to increasingly pass user attributes from identity providers to service provider applications, in order to drive user entitlements. For example, verification of users through social networking sites will serve as a means to vet users to the company's external-facing website for low-value, high-volume transactions.

With the increasing sophistication of fraud rings and security attacks, coupled with the rapid adoption of various mobile and post-PC devices and the changing business environment, it will be important to consider various questions when selecting your organization's next IAM product. For example, does the product recognize risk and patterns, making fraudulent activity easily identifiable? Or, more simply, does the product work from a mobile device? While mobile browser support is a minimum requirement, mechanisms for secure PKI certificate management and centralized access auditing should also be expected.

But, most importantly, does the product help improve business agility and demonstrate value? By proving to budget holders that substantial savings are achievable, it will be much easier to sell the product internally.

Resources from CA Technologies

Content-Aware Identity & Access Management in a Virtual Environment CA Technology Brief: CA Point of View: Content Aware Identity & Access Management Defending Against Insider Threats to Reduce your IT Risk

About CA Technologies

CA Technologies (NASDAQ: CA) is an IT management software and solutions company with expertise across all IT environments, from mainframe and distributed to virtual and cloud. CA Technologies manages and secures IT environments and enables customers to deliver more flexible IT services. CA Technologies' innovative products and services provide the insight and control essential for IT organizations to power business agility. The majority of the Global Fortune 500 relies on CA Technologies to manage evolving IT ecosystems.