Identity and Access Management in Enterprise 2.0
Microsoft's new identity and access management offering can help enterprises achieve agile aims.ORLANDO, Fla.-This is the story of how the most banal function in the enterprise can go from impeding changes critical to a company's survival to providing the most critical support for changes sweeping across the competitive landscape. Microsoft's second take at identity and access management-what it calls Identity Lifecycle Manager 2-is intended to help support customers as they adapt to major changes sweeping the enterprise space: virtualization, mobility and Webification.
Microsoft is no stranger to identity and access management, but the company seems to have rethought key elements of its current ILM product by putting users at the center of the application suite.
In addition to empowering the individuals who are drafting the policies and processes to actually put them into practice, we also provide rich administrative tools and enhanced automation for IT professionals, including a central management and enforcement capability, so end users can't circumvent established enterprise security policies. Also, customers have told us that when you have IT folks trying to implement business policies that they may not fully understand-as is the norm today-that can create security and compliance risks. What ILM '2' does is really change the game as far as identity management goes.The new version of ILM takes a holistic view of users, making it easier for them to port their identities to mobile devices. Companies are also looking for ways to get more efficient by allowing partners, consultants and other third parties access to their networks. But this agility needs to be secured as well. "We need to provide access, but in a secure manner," Leland said. Gartner describes the identity management issue as "the confusion, frustration and lost productivity organizations must deal with as they struggle to manage legitimate access for their employees, partners and customers to the electronic systems they genuinely need." And the advent of cloud-based computing has created new challenges for security-minded enterprises. "In order to run those, you need to be able to authorize and authenticate identity. We are building that capability into our software plus services offering. I view this as being a key enabler for software as a service," Leland said. Leland said ILM 2 also supports identity and access management across both physical and virtual environments. The application can be extended across form factors and operating system environments by Microsoft partners. For instance, Omada Solutions provides role-based access control and compliance, Gemalto is in the two-factor authentication space and Quest Software extends Active Directory and Active Directory federation to non-Windows environments. Leland said Microsoft is also unique "in that we view ID management and credential management as two sides of the same coin. In most other cases, those are viewed as two separate issues," he said. Other enhancements to the 2007 version of ILM include: - policy management, allowing managers to create ID and access rights based on business policies by leaning on an existing Active Directory infrastructure and Windows Workflow Foundation; - credential management, giving managers access to a full range of credentials in a single environment; and - group management, allowing managers to create and manage groups. One Achilles heel to Microsoft's approach, however, is that it relies on Active Directory and the notion of roles-an approach that may well become irrelevant as Enterprise 2.0 evolves from the Information Age into the Virtualization Age, in which knowledge workers take on several and overlapping roles.