Sun Microsystems, Oracle and Novell all have something to say about identity and access management. Each vendor is releasing a new security product to answer needs in the market. While Oracle focuses on thwarting online and insider fraud, Sun and Novell take different security approaches rooted in compliance.
Three of the major identity and access management vendors-Oracle, Novell
-put a new horse in the race for control of the security space
today, Oct. 20.
While Oracle turned its attention towards fighting online threats, however, Novell
and Sun kept their eyes on compliance mandates.
In the case of Oracle, the emphasis was on mitigating insider fraud and
protecting business applications against phishing, Trojans and other
Web-based threats. In Oracle Adaptive Access Manager 10g R3, the company
built in context-aware capabilities to fight fraud. Also included is an autolearning
feature that security administrators can use to detect fraud patterns and usage
anomalies. In addition, Oracle added reporting tools that integrate with Oracle
Business Intelligence Publisher and enhanced forensic capabilities.
Meanwhile, Sun released its Identity Compliance Manager with a focus on
enforcing segregation of duties and access certification-measures meant to help
businesses meet regulatory and industry compliance mandates.
"You need to review your access on a periodic basis," said Nick
Crown, senior product manager for Identity Compliance Manager. "Essentially
what [access certification] means is with this software we're able to aggregate
all of your identity and access management across the enterprise."
Sun also added a number of compliance dashboards and reports to provide
executives with relevant information to ensure that the proper controls are in
place to meet compliance regulations.
Is whitelisting the answer to enterprise security? Click here for eWEEK Security Center Editor Larry Seltzer's opinion.
Novell introduced the Novell Access Governance Suite to augment its existing
compliance management portfolio. The suite consists of two products, Novell Roles
Lifecycle Manager and Novell Compliance Certification Manager. Aimed at
bridging the gap between security mandates and unique business requirements,
both products are based on an OEM relationship between Novell and identity and
access management vendor Aveska.
Access data is collected and normalized, Novell officials said, and there is
full automation for access review, certification and reporting as well as
access change management and access rights remediation.
"IT provides tools that enable governance
activities," Kevin Kampman, an analyst with the Burton Group, said in a
statement. "However, IT departments are increasingly being asked to enact
business polices and automate business processes of which they neither have
knowledge of nor control over. To close this divide, policy decisions and
compliance monitoring must be pushed to the business owners. Identity
management vendors have begun to address this issue through improved workflow,
delegated administration, self-service and access attestation functionality."