Friday, October 30, 2009

Reality tour visit to Vancouver

I'm speaking at the Vancouver Technology User Group next week on "Shouldn't Single Sign-on Be Child's Play?". Quest Software is sponsoring the food. Welcome time is 6pm and we'll kick things off at 6:30pm. If you're interested in attending please click here for the registration link.

I hope to see you there!


Tuesday, October 27, 2009

Serious provisioning mistake costs $471,000!

I read this in the morning paper today and thought you'd appreciate how serious a provisioning mistake this was. Would you class this as an identity management issue? I certainly would. I'd also class it as a compliance issue. It's a great example of how identity management and compliance are so interlinked. I wonder if Avaya already has an IDM product? If so, it shows you the hole that still exists in the checks and balances side of IDM and compliance.
A New Jersey company paid a man nearly half a million dollars before realizing he wasn't working.

Anthony Armatys was hired by telecommunications giant Avaya in 2002 for more than $100,000 a year. He changed his mind and didn't take the job, but the payroll department apparently never got the memo, according to the Star-Ledger.

For nearly five years, Avaya paid Armatys and he gladly accepted, spending most of the money on everyday items. The rest went straight into a retirement account. Armatys got caught when he tried to make an early withdrawal from that account.

He pleaded guilty to second-degree theft and has to pay the $470,995 back to Avaya. Armatys, 35, faces up to six years in prison when he's sentenced in January -- time enough to think about his next dream job.


Thursday, October 22, 2009

Quest and Microsoft Executive Summit on Identity Management

I'm pleased to tell you about the Quest and Microsoft executive summit being held Thursday, November 19, 2009 at the Microsoft Executive Briefing Center across the street from me here in Redmond, Washington.

Our experts will offer guidance for gaining greater efficiency and security from your current infrastructure, using best practices and real-life examples. We'll be discussing:
  • Common challenges and organizational impact of simplifying your access, single sign-on and identity management
  • Available solutions and services that can make your transition a success as well as facilitate a secure environment
  • How to comply with regulations and mitigate risks by automating and managing access to sensitive systems and data
  • Benefits of the Microsoft platforms for identity and access management
We have a number of awesome Microsoft speakers including Shanen Boettcher and Conrad Bayer who will be presenting, too. If you are interested in attending this event or would like more information please visit


Wednesday, October 21, 2009

Single Sign-on: Separating Fact from Fiction

Quest Software is hosting a virtual trade show and the session I am doing is called "Single Sign-on: Separating Fact from Fiction". It has been recorded, so if you're interested in seeing it, all you have to do is click here.


Tuesday, October 13, 2009

ADAC & Windows Server 2008 R2

My colleague and fellow blogger, Bob Bobel, has posted about a shortcoming in the latest and greatest from Microsoft related to Microsoft Exchange integration - actually, the lack thereof. Here's a link to his post and a quote:
One glaring regression is the lack of integration with Microsoft Exchange. The former Active Directory Users and Computers UI had extensions that would expose the critical attributes necessary to perform recipient management. This was handy for many people and its absence is already being mentioned. I would guess that eventually the Microsoft Exchange team will provide this, but so far it has been a no-show.
Good to know this up-front so you're not too surprised by this fact.

Monday, October 05, 2009

Is there money in federation?

In my last post, "Microsoft on the verge", I talked about a number of things including "Geneva" or Windows Identity Foundation. One of the things that interests me about Microsoft's federation strategy is the inclusion of the foundation within Windows Server itself.

Why is this significant? Mainly because it means that federated scenarios are included in the server license, so if a customer wants to federate with another organization, all they have to do is set up the agreements and go from there without being concerned about additional licensing costs. As you can see from the Liberty Alliance test matrix, Microsoft went through a battery of tests to get their SAML 2.0 certification.

What does this all mean for Microsoft's customers? Well, it means that there may no longer be a need to purchase an actual federation solution from a 3rd party ISV. Or, as time goes on, I suspect that the inclusion of federation in the Windows platform will put significant pricing pressure on ISVs that sell federation products. ISVs will not be able to make a lot of money on pure federation solutions. However, I do believe that there are still three areas where ISVs will be able to add significant value over what Microsoft is delivering:

1. Auditing: I do not believe that Microsoft will be delivering a comprehensive audit capability around their federation components. As you can well imagine the need to audit federation or single sign-on "events" will be pretty important from a security and compliance perspective.

2. Management: By management I mean operational management of your federated relationships. How easy will setting up a federated partnership be? How easy will it be to monitor your on-going partnerships? How about troubleshooting those linkages?

3. Strong authentication: I haven't seen much discussed about enabling strong authentication of federated transactions. What if I want to use a smartcard or a one-time password (OTP) to protect my transactions?

Don't forget the basics that we have all come to rely on - or are asked to deliver by our company's management: Audit, compliance and security. They are all required - still.


Saturday, October 03, 2009

Microsoft on the verge?

My Google news net caught this article for me today - Microsoft wary as security, identity integration plan lags - by John Fontana that's definitely worth a read.
Microsoft is on the verge of finally providing some pieces of software to back up its ambitious plan to integrate its security and identity technologies, but the company admits it is moving slower than it had anticipated.
Progress towards this goal, as many of us have already blogged, has been slow. One glimmer of movement in the right direction was last year's merger of the security and identity teams. I also think that the upcoming "Geneva" - now Windows Identity Foundation - will be pivotal for Microsoft and the industry.

In John Fontana's article there's an interesting quote from Bob Muglia I'd like to highlight:
We (Microsoft) don't see ourselves as providing the only solution that an enterprise customer needs for security...
I think most customers would agree with this. In fact, Bob really needed to add "and identity" to that statement. Nearly every customer I meet with has multiple identity management products deployed. In fact, one customer I recently met with had three different self-service password reset solutions deployed. Many of the customers I meet with have also deployed Microsoft's identity lifecycle product (MMS, MIIS or ILM). When I quiz them on what scenarios they are solving with the Microsoft product, the most typical response is "GAL sync", yet the company has also deployed a non-Microsoft identity product or framework for the enterprise.

In talking with these teams I have found that in many cases the "Windows", "Active Directory" or "Microsoft" team at an enterprise holds enough power or influence to dictate what is used in their own environment but not enough power or influence at the corporate level to dictate what is used for identity management.

Bob Muglia states that he doesn't see Microsoft providing the only solution that an enterprise customer needs for security. I don't see Microsoft providing the only solution that an enterprise customer needs for identity either.
