Sun, Oracle and Novell Take Aim at Identity and Access Management

Sun Microsystems, Oracle and Novell all have something to say about identity and access management. Each vendor is releasing a new security product to answer needs in the market. While Oracle focuses on thwarting online and insider fraud, Sun and Novell take different security approaches rooted in compliance.

Three of the major identity and access management vendors-Oracle, Novell and Sun Microsystems-put a new horse in the race for control of the security space today, Oct. 20.

While Oracle turned its attention towards fighting online threats, however, Novell and Sun kept their eyes on compliance mandates.

In the case of Oracle, the emphasis was on mitigating insider fraud and protecting business applications against phishing, Trojans and other Web-based threats. In Oracle Adaptive Access Manager 10g R3, the company built in context-aware capabilities to fight fraud. Also included is an autolearning feature that security administrators can use to detect fraud patterns and usage anomalies. In addition, Oracle added reporting tools that integrate with Oracle Business Intelligence Publisher and enhanced forensic capabilities.

Meanwhile, Sun released its Identity Compliance Manager with a focus on enforcing segregation of duties and access certification-measures meant to help businesses meet regulatory and industry compliance mandates.

"You need to review your access on a periodic basis," said Nick Crown, senior product manager for Identity Compliance Manager. "Essentially what [access certification] means is with this software we're able to aggregate all of your identity and access management across the enterprise."

Sun also added a number of compliance dashboards and reports to provide executives with relevant information to ensure that the proper controls are in place to meet compliance regulations.

Is whitelisting the answer to enterprise security? Click here for eWEEK Security Center Editor Larry Seltzer's opinion.

Novell introduced the Novell Access Governance Suite to augment its existing compliance management portfolio. The suite consists of two products, Novell Roles Lifecycle Manager and Novell Compliance Certification Manager. Aimed at bridging the gap between security mandates and unique business requirements, both products are based on an OEM relationship between Novell and identity and access management vendor Aveska.

Access data is collected and normalized, Novell officials said, and there is full automation for access review, certification and reporting as well as access change management and access rights remediation.

"IT provides tools that enable governance activities," Kevin Kampman, an analyst with the Burton Group, said in a statement. "However, IT departments are increasingly being asked to enact business polices and automate business processes of which they neither have knowledge of nor control over. To close this divide, policy decisions and compliance monitoring must be pushed to the business owners. Identity management vendors have begun to address this issue through improved workflow, delegated administration, self-service and access attestation functionality."