Sun Targets Regulatory Compliance

Sun's Identity Auditor responds to regulatory compliance needs.

Sun Microsystems Inc. this week plans to unveil a new piece of its expanding identity management product designed to help customers get a handle on ever-increasing audit and regulatory compliance requirements.

Federal and state regulations, including HIPAA (Health Insurance Portability and Accountability Act); the Sarbanes-Oxley Act; and the California Security Breach Information Act, or SB 1386, are forcing enterprise security teams to take a hard look at identity management and access control systems to control access to sensitive data. However, more than a few organizations are finding they cant pull together the information they need to comply with the regulations.

As a result, several vendors, including Sun, are introducing dedicated solutions for policy compliance and auditing.

Suns Identity Auditor lets administrators specify which applications they want the solution to scan. Identity Auditor then checks each application for policy violations, such as unneeded access privileges, unauthorized access changes or a failure to segregate duties. The system then can generate reports and automatically send them to previously specified people for review.

Identity Auditor also is tightly integrated with Suns Identity Manager solution, which lets administrators set up a policy that will disable an account if a policy violation is found during an audit. Identity Auditor can even shut down an active user session, using the Java System Access Manager. The system can also issue similar commands to other vendors identity management products through SPML (Service Provisioning Markup Language) calls.

/zimages/3/28571.gifClick here to read about Suns Compliance and Content Management Solution.

Sun also has built in a capability for Identity Auditor to communicate directly with SEM (security event management) solutions, including Symantec Corp.s Security Management System. Identity Auditor can provide up-to-the-minute log data showing which users are accessing which applications to help security specialists decide what actions to take during an active attack.

"This enables a closed-loop integration," said Sara Gates, vice president of identity management at Sun, based in Santa Clara, Calif.

Identity Auditor also comes prepackaged with several report templates and sample security policies that customers can choose from; customers also have the option of designing their own.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.