Wednesday, September 29, 2010

Voelcker ActiveEntry continues to impress me!


I’m sitting here in the Quest Chicago offices with a bunch of our identity specialists getting some advanced training on ActiveEntry. I continue to be impressed by this product. This is a screen shot of the out-of-the-box dashboard that is showing a pie-chart of external and internal employees that this manager is managing along with a traffic light that signifies if any of his employees are locked-out. The dashboard can be customized by simply be enabling or disabling the various reports that are available to you. Some of those default reports that can be included in the dashboard are:
  • Accounts without requests
  • Blocked employees with enabled accounts
  • Employees by status
  • New rule violations by department
  • Pending requests by department
  • Rule violations by department
  • Top 10 entitlements with members by department
  • Top 10 roles with members by department
 All of this is available at installation. No programming. No consulting. No effort. No sweat.

Thursday, September 23, 2010

IAM horror stories from Atlanta – times three!


“We’ve hardly exploited the product – but we paid full price!”

This is what a customer told me here in Atlanta today. I had spent the morning talking with them about their identity management initiatives. Does anyone out there believe that a company has only one identity management product, suite or vendor? I hope note. I rarely meet a customer that has only one. This customer already had two and were talking to us about our capabilities. They had both XXXXXXX and XXXXXX. I’m happy to add Quest because I will make sure that they are H-A-P-P-Y with our solution.

I finish my meeting and head to my hotel room to interview a sales director for our identity management team and my mobile phone rings: “Dude, when are you back in Seattle? I have a customer who has XXXXXX Identity Manager. They’ve spent a ton of money and don’t want to spend any more. Will you talk with them?”

After I get off the candidate interview my mobile rings again. It’s a different sales rep: “I just talked with XXX and they have XXXXXX Identity Manager. They’ve spent $3M and have been asked to spend another $3M. They want to talk to us!”

So, I don’t know if it’s because we bought Voelcker that customers are falling out of trees or what but in one day we had three opportunities pop up! What a day. Oh, and of the three opportunities two were to displace XXXXXX Identity Manager and the other was to displace another Gartner Magic Quadrant “Leader”.

What are my take-aways?

1. Many customers have more than one identity management product, suite or vendor in the house already.
2. Customers are not happy with what they have.
3. IAM is important enough that despite rampant failures the customer is still wanting to solve the problem even if it means selecting another vendor and spending more money.
4. Being in the leadership quadrant has absolutely nothing to do with how successful you, as a customer, will be.

Exciting times for an upstart IAM vendor like Quest Software eh?!

Technorati Tags:

Friday, September 17, 2010

Even governments gives “sales” discounts!

This was an interesting read in itself but I had to laugh at the comment that the UK government gave RBS a 30% discount on the fine they were going to impose because they did not challenge their findings!

Bank fined $9.7m over poor IT governance

RBS' IT systems could have let fraud go unmonitored.

UK financial services regulator the Financial Services Authority [FSA] has fined the Royal Bank of Scotland (RBS) £5.6 million (A$9.7 million) for implementing shoddy IT systems which left it in breach of the country’s money laundering laws.

The bank had implemented its treasury IT system in 2006, which was meant to screen incoming and outgoing cross-border payments. According to the FSA, RBS neglected to check the accuracy of the systems since its implementation. “After the initial set up, the results produced by the screening filters were not routinely reviewed or monitored by RBSG to ensure that they were appropriate. "This meant that over time the ‘fuzzy matching’ parameters initially set by RBSG became significantly less effective at identifying potential matches,” the authority said in its decision notice this week.

For two years the bank failed to screen a single incoming payment from a foreign source. It also missed the bulk of outgoing payments by its customers, except those destined for the US. “RBSG’s automated screening failed to screen the majority of trade finance SWIFT messages generated in the international trade transactions that it carried out,” said the FSA. Under UK laws financial institutions are meant to match customer transactions to the government’s treasury list, known as Her Majesty’s Treasury. The Treasury’s Asset Freezing Unit (AFU) maintains a list of people identified by the United Nations, the European Union and the UK. If the financial institution identifies a transaction that may correlate to a person on that list, it must stall the payment until it determines whether it is an exact match. If it is the bank should alert the AFU.

The FSA said it could have fined RBS $13.8 million, but offered RBA a 30 percent discount for not challenging its decision.

Monday, September 13, 2010

HP buys Arcsight

Just read this in the Wall Street Journal:
Hewlett-Packard Co. (HPQ) agreed to buy security-software maker ArcSight Inc. (ARST) for about $1.5 billion, continuing the company's spending spree that began after Chief Executive Mark Hurd resigned last month.
I wonder if, as the article implies, this leads to additional consolidation within the security market. I did like what ArcSight was trying to achieve around identity with their SIEM capabilities by integrating identity management into the SIEM equation:
ArcSight IdentityView is a specialized solution module, built on the ArcSight SIEM Platform, designed to enhance the value of IAM technologies. It combines the broad activity collection and correlation of SIEM with the user and role management of IAM. As a result, organizations realize the value of their IAM investment more quickly, get a complete picture of user activity, and can pass compliance audits with confidence.
It will be interesting to see both if HP can be successful with their integration of ArcSight and if they manage to value (and keep) the IAM part of this technology.

Friday, September 10, 2010

Exclusive Training and Networking Events for Quest Customers in Europe

If you are a Quest customer, we’re pleased to introduce two user group meetings, offered Wednesday afternoon immediately following the close of The Experts Conference in Germany. The user group meetings highlighting ActiveRoles Server and ChangeAuditor, will bring together users for an interactive discussion around best practices and roadmap plans. We hope you’ll join us!

ActiveRoles Server User Group Meeting – Wednesday, 6 October | 13:30 -16:30
To Register, Please Email:
Please join us for an exclusive ActiveRoles Server User Group Meeting at The Experts Conference (TEC) Europe 2010 on Wednesday, 6 October from 13:30 to 16:30 at the InterContinental Dusseldorf . We’ll discuss best practices for ActiveRoles Server’s provisioning and day-to-day Active Directory management. We’ll cover deployment scenarios, product roadmap and a live product demonstration of our upcoming 6.7 release. Best of all, we’ll have the rare opportunity to hear from you in person!

ChangeAuditor User Group Meeting – Wednesday, 6 October | 13:30 – 16:30 pm
To Register, Please Email:

Do you own Quest ChangeAuditor? If so, please join us for our User Group Meeting at The Experts Conference (TEC) Europe 2010 on Wednesday, 6 October, from 13:30 to 16:30 at the InterContinental Dusseldorf.

We will demonstrate what is new in ChangeAuditor 5.0 and the recently-released ChangeAuditor 5.1 and preview new capabilities and features that are being added to version 5.5 and beyond. We will also discuss key integration points between ChangeAuditor and InTrust. Then, join in a discussion with your peers on how other organizations are leveraging ChangeAuditor to track, audit, report and alert on changes in their environment.  Whether you use ChangeAuditor to monitor Active Directory, Exchange or your Windows file servers, you are sure to get some relevant take-aways from this meeting.

Thursday, September 09, 2010

Controlling the Risk of Active Directory Domain Admins

Quest is sponsoring a live webcast with industry expert Randy Franklin Smith on controlling the risk created within organizations when system administrators have absolute power over Active Directory.  If you would like to attend the webcast, click on the below link.

Live Webcast - Absolute Power: Controlling the Risk of Domain Admins
September 21, 2010, 11:00 a.m. ET

Systems with all-powerful administrators are at risk for unintended changes and malicious acts.  During this one hour "Real Training for Free™" event, Randy Franklin Smith will show you how to use Active Directory’s built-in delegation of control feature to get the majority of people out of the Domain Admins group and grant administrators only the granular authority they actually need.  You’ll also learn to use the security log to monitor any changes, as well as how to quickly restore privileges in case of an emergency.

Then Quest will demonstrate their innovative solution that makes it easy to manage least privilege using self-service and automation.

Register for the webcast

Technorati Tags: ,,,,,,,,,,,

Wednesday, September 08, 2010

Quest Authentication Services – Upcoming Lunch and Learn’s in Denver and Omaha

We’re going to have some smart guys leading a lunch and learn on the latest release of Quest Authentication Services in Denver and Omaha in a couple of weeks. If you are in the area and have the opportunity to join us we’d love to meet you. Here are the details:

Lunch Discussion:  Improve Security, Compliance and Productivity with Quest’s AD Bridge Solutions
When: Tuesday, September 21 from 11:45 a.m. to 2:00 p.m.
Where:  McCormick & Schmick's Seafood Restaurant – Denver, CO (DTC)

Lunch Discussion:  Improve Security, Compliance and Productivity with Quest’s AD Bridge Solutions
When: Wednesday, September 22 from 11:45 a.m. to 2:00 p.m.
Where:  Fleming’s Steakhouse – Omaha, NE
Consolidating identities into AD reduces the complexity and costs of identity management while improving security, compliance, and productivity. At this luncheon we will discuss best practices for evaluating AD bridge solutions, and explain how Quest‘s solutions can meet the unique needs of every organization.  Key discussion topics include:
  • Short-term Unix, Linux, Mac password challenges
  • Long-term password compliance
  • A safe and controlled path to eliminating NIS
  • Two-factor authentication solutions
  • Unix root delegation and auditing
  • Access control of Unix information housed in AD
Don’t miss this opportunity to meet Quest experts and ask them your toughest identity and access management questions, as well as share tips and best practices with other local business leaders.