Sun Redefines ID Lifecycle Management
- By John K. Waters
Is there a process in IT today that doesn't have its own "lifecycle?" We
have application development lifecycles, product lifecycles, SOA lifecycles,
information lifecycles, and service lifecycles. I just spotted a press release
in my email inbox from a provider of a VoIP lifecycle management solution. And
there's a message haunting my voice mail from someone who wants to talk with me
about "automating the spreadsheet compliance lifecycle."
Is "lifecycle" going the way of "platform," devolving into a kind of
verbal duct tape? Not yet, but it's getting there.
I mention this because I needed to get the grump out before telling you about a
big announcement Sun Microsystems is set to make today at the Digital ID World
conference, which is just getting underway this week in Santa Clara, CA.
(It runs Oct 11-13.) The news, as I'm sure you've already guessed, is
about the latest release of the Palo Alto, CA-based company's identity lifecycle
I'm pleased to say that during their tag-team product briefing, Sun product
managers Andy Land and Chris LaPoint rocketed past the jargon du jour
before my eyes could glaze over.
"Some people call it ID lifecycle management," Land explained, "some call
it employee lifecycle management. It's all about the provisioning process."
ID management as a product category falls under provisioning, which
is not so much about passwords and retinal scanning as it is about simply
deciding who gets access to which resources within an organization. Most
companies provision through homegrown systems or disparate manual processes--you
fill out a form, turn it in at the right desk, and somebody gives you a laptop
and a password that gets you into this or that database. The Sun Java System
Identity Manager automates that process, from initial provisioning, through
changing roles, all the way to termination.
With release 7.0, Sun takes ID management to a new level
by adding an automated process that monitors and enforces the business controls
you thought you put in place during the provisioning process. Sun calls this
capability "identity auditing." If ID lifecycle management answers the
question, "What access should a user have?" ID auditing answers the
question, "What level of access does a user have?"
"With this release we're redefining the provisioning market," Land told
me. "We've seen the convergence of these two distinct processes, and so have
our customers. Basically, we had to do something innovative to bring them
together and drive the market in this direction because our customers told us
That's a bold statement, but it's not mere marketing swagger. Sun has been a
leader in ID management at least since the product category took off about two
years ago. Both Gartner and Forrester put Sun at the head of the pack in this
market, so it's not surprising to see the company move early to provide this new
auditing component. While enterprise interest in ID management has been fueled
by a range of factors, demand for identity auditing will likely be driven by
compliance requirements, LaPoint said.
"If you had perfect provisioning up front, there would be no business need
for auditing capabilities," he said. "You'd never have a violation of
your defined business policies, so you'd never need to interrogate your systems
to check for them. Of course, provisioning concerns always come up
after you have a thousand different systems in place and a thousand
different ways of doing things. But even if you provision perfectly, government
regulations now say you have to prove it."
New auditing features in Sun Java System Identity Manager 7.0 provide users
with the ability to audit for violations across multiple applications and
automatically remediate; to detect and fix pre-existing violations; to maintain
baseline roles and audit practices; to implement a "certification
review/manager attestation" cycle to show due diligence; and to extend controls
to extranet-facing projects, which might include remote workers, partners, and
customers who require high transactional throughput.
Sun is announcing the product today;
it's scheduled for general availability in October.
My earlier grumping notwithstanding, it's fair to say that any process that
ends with "termination" has earned its lifecycle
John K. Waters is a freelance writer based in Silicon Valley. He can be reached