By Cameron Sturdevant  |  Posted 2005-08-29 Print this article Print

Courion Corp.s Enterprise Provisioning Suite 7.2 allows IT managers at midsize and large organizations to effectively manage user access while meeting internal and external auditors demands for an accurate accounting of who is using company systems and data.

eWEEK Labs implemented Courions behemoth suite of tools, including AccountCourier for user provisioning, PasswordCourier for password management, and ComplianceCourier for access verification and policy management.

Our tests show that the workflow in Enterprise Provisioning Suite 7.2, which was released in June, makes it much easier than in previous versions of the product for non-IT staff to manage user accounts.

With the ComplianceCourier component, Courions Enterprise Provisioning Suite costs $400,000 to outfit 5,000 users—or about $80 per seat. Without ComplianceCourier, the price drops to $300,000, but the policy management component is necessary for many of the sophisticated policies we implemented in tests.

Enterprise Provisioning Suite worked well in our tests, but, like other password management products, it required extensive upfront work. Over time, however, this effort should result in significantly fewer staff hours devoted to generating and maintaining access credentials, reduced error rates, increased assurance that managers are provisioning employees with the least privilege needed to perform their jobs, and easier compliance with regulatory audits.

The actual installation of Enterprise Provisioning Suite was relatively easy; the biggest time sink during our tests was in developing and implementing policies to ensure that users received access to appropriate systems. More than once we had to go back to the role-based AccountCourier and tweak policies to grant or deny access to corporate data systems.

In fact, IT managers should expect the Enterprise Provisioning Suite pilot phase to last several months.

In addition to initial training on the nuts and bolts of how Enterprise Provisioning Suite works, we spent a significant amount of testing time connecting AccountCourier to various infrastructure components, including Microsoft Corp.s Active Directory, Computer Associates International Inc.s eTrust Directory and Novell Inc.s eDirectory. We ran the suite on Windows 2000 running on a Xeon-based IBM eServer 325.

Click here to read more about identity management and directories. We used Courions Identity Link technology to connect our various directory repositories. We were able to pull user data from all these directories and then designate one—in our case, an eTrust Directory—as the authoritative source for users and accounts.

We also were able to create a definitive list of all users and accounts we had created, regardless of the data repository.

Identity Link comes in especially handy for dealing with territorial department managers who tend to get nervous about incorporating data in a central location. During tests, we were able to leave data in the hands of local administrators while using Identity Link to ensure that all user accounts were up-to-date.

eWEEK Labs also stole a trick from case-study subject SunTrust Banks Inc., which uses Courion identity management and provisioning tools: While leaving user data with local applications, we linked our network access list with AccountCourier so that all account access was denied when a user was terminated in our test environment. Thus, even users who were not provisioned with Enterprise Provisioning Suite—nearly all the accounts in our test environment—were ultimately brought under control of the product.

As an added benefit of this process, we were able to get good audit reports that systematically showed that terminated users were indeed denied access to various corporate data systems, regardless of whether their individual accounts were removed from the application.

Next page: Evaluation Shortlist: Related Products.

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel