Outsourcing access management?

I asked Adam Bosnian from privileged access management maker Cyber-Ark what sessions he thought would be interesting at RSA. He's going to the application security sessions. In years past, he's seen these sessions focus on application coding security tools to look for buffer overflows or other coding errors that could

I asked Adam Bosnian from privileged access management maker Cyber-Ark what sessions he thought would be interesting at RSA. He's going to the application security sessions. In years past, he's seen these sessions focus on application coding security tools to look for buffer overflows or other coding errors that could create a security risk.

I'll also be interested to see if, because of SOA, app makers will focus on making apps while leveraging security products such as Cyber-Ark's newly announced Enterprise Password Vault 4.5 to take care of access management.

This isn't the first time I've heard a security company talk about wanting to see app makers give over access management to a specialized company instead of building access management from scratch. And the features in the latest version of Enterprise Password Vault include a verification process that checks the stored password with the credential used on the target system and entitlement reports designed to make PCI compliance easier make a compelling case for using a specialty security company.

But the realities of integrating an outside security component into an enterprise application is, as they say in engineering, a "nontrivial task." And when the overhead of managing a relationship between an app maker and a security component company, plus the licensing fees, testing and, ultimately, the customer experience of getting problems resolved by a single vendor, the walls to this type of communal development still seem pretty daunting.

So, while I'm covering RSA, I'll be keeping an ear to the ground to see if this kind of cooperative product development is getting a hearing.