October 21, 2008, 2:52 PM — Novell, Sun and Oracle Monday have announced updates to their identity-management platforms that focus on monitoring access controls and strengthening authentication.
Novell and Sun both unveiled tools for compliance (compare auditing and compliance tools), while Oracle added features to its strong authentication platform. (Compare identity-management platforms.) The trio made their announcements at the annual European version of the Burton Group Catalyst Conference, which opened Monday in Prague.
Novell released its Access Governance Suite, a bundle of two products it is licensing from roles-management vendor Aveksa. The tools let users define and manage access rights and streamline them into the identity- and access-management workflow, including role provisioning in Novell Identity Manager. Novell is integrating the bundle with its Sentinel software, which provides real-time event correlation. The Aveksa products in the bundle are branded Novell Compliance Certification Manager and Novell Roles Lifecycle Manager.
"We now have a closed-loop process," says Nick Nikols, vice president of product management for identity and security at Novell. "Now we can manage and initially set appropriate access settings, but also monitor their usage and refine them over time." The Aveksa technology provides an easy way to bring new applications into the provisioning process, he says.Â
Perhaps more important, however, is that the Aveksa technology lets IT share the responsibility for role creation and management with managers throughout a company's business units. The tools collect a user's access data from across the network and aggregate it in one location. In addition, review of the data can be automated, as can certification, reporting and change management.
Sun 's new Identity Compliance Manager is a tool for automating the collection of access data and for reporting on compliance. The tool also has a watchdog role, allowing users to monitor changes in user access and take corrective action if needed.
The base technology in Compliance Manager was acquired when Sun bought Vaau, and is the same technology Sun used as the foundation for Sun Roles manager.
"Not every customer is ready for roles," says Nick Crown, senior product line manager. "This provides a lower price point and sets them up for the future."
Compliance Manager includes a number of new features including access certification, which captures and consolidates identity and access data and provides an audit trail. Users also can set Compliance Manager to validate access controls based on an event, such as a job transfer entered into a human-resources system. Other features include the Entitlement Glossary, which uses plain English to describe access privileges; a segregation of duty features; and remediation tracking.
Sun Compliance Manager costs US$75,000 plus a charge per user based on volume.
Oracle released Adaptive Access Manager 10g Release 3, which is designed to protect against fraud, identity theft, phishing and key-logging. Earlier this year, the vendor updated its compliance and auditing tools.Â
Highlighting Release 3 are four new features: auto learning, which detects a user's normal working patterns, then watches for anomalies that might indicate fraudulent use; investigation management, which provides advanced service-log reviews and analysis; transaction administration for examining and analyzing the technologies used in transactions; and support for 20 languages. Oracle also has embedded a copy of Oracle Business Intelligence Publisher in the software.
