Thursday, August 27, 2009

Synchronizing Exchange identities and more

Microsoft has a product to support synchronization of identities between Exchange environments. That product is the "Identity Integration Feature Pack for Microsoft Windows Server Active Directory with Service Pack 2 (SP2)". For those of you who do not know what the IIFP is, here's a snippet that gives you an overview:
Identity Integration Feature Pack for Microsoft® Windows Server™ Active Directory® with Service Pack 2 (SP2) manages identities and coordinates user details across Microsoft Active Directory, Active Directory Application Mode (ADAM), Microsoft Exchange 2000 Server, and Exchange Server 2003 implementations. Using Identity Integration Feature Pack, you can combine identity information for a given user or resource into a single, logical view. Identity Integration Feature Pack also automates the provisioning of new and updated identity data, eliminating time-consuming, repetitive administration and the need to manually add, delete, or update identity information, groups, and user accounts.
Sounds good, right? In fact, it does sound good - or maybe I should say it used to sound good. Read the description above a few times and you might notice three key things that are missing:
  1. What about support of Windows Server 2008?
  2. What about support for Exchange 2007? Exchange 2010?
  3. This is all about identities. What about synchronizing calendars "into a single, logical view"?
The first two key items are getting to be show stoppers for most organizations. The last item is, in my humble opinion, very important - it's the "and more" in my post title. I've heard from many customers that they'd like one tool to synchronize contacts and free/busy information - not half a tool.

All of this came to mind when I was trying to better understand why interest in Quest's Collaboration Services product seems to be rapidly increasing. The product has been around for a long time but over the last 8-12 months it's really been taking off.

I think I figured out that the answer is in the questions above.


Monday, August 24, 2009

Privileged Identity Management

I read an interesting article on this topic recently and how it relates to databases. The article is a good read and I want to highlight some points that should apply to everyone working in IDM and particularly around PIM:
  1. Even at an enormous firm, the number of privileged IDs with access to high-risk data should be short enough for a busy executive to personally review
  2. It is both feasible and reasonable for senior executives to personally review this information and record that they have done so
  3. Anyone can expect this kind of review may be taking place in any major organization handling high-risk data, although it is not as universal as it should be

Think about point #1 above and ask yourself if you would have a short list for your CIO/CISO to review at your company. I agree that the list should be extremely short and it should be reviewed by your management chain on a regular basis. As the author states, these reviews are not as universal as they should be. How about at your company?


Tuesday, August 18, 2009

SPML - The Lingua Franca of Provisioning

If you missed this webcast you can still view it here:

https://tilanareserve.sharelocker.com/f/Jgw2Si6VwkLJUrOacVOSGQ

If you have any interest in SPML here's an opportunity for education:

Webcast: SPML -- Exploiting the New Lingua Franca of Provisioning Identity and Access Management
Thursday, August 20 at 11:00 a.m. EDT

During this informative webcast, Randy Franklin Smith will explain how Service Provisioning Markup Language (SPML) can help you easily integrate self-service portals, provisioning systems and target applications in your heterogeneous environment. You will learn where to find support for SPML in a Microsoft-centric network now and in the future, as well as see a live demonstration of SPML in action.

Register here.


Wednesday, August 12, 2009

Cloud Insecurity

Interesting article about Clive Peeters - an Australian company - and how they have been left reeling by a $20m sting by their payroll manager.
...she admitted to using a loophole in the company's internet banking with National Australia Bank to steal from the company.
What this reminded me of was a customer focus group about federation that I did while I was at Microsoft. I'm not sure if these are the exact words that the CIO of a company used during the meeting, but it is close enough:
Why would I want to use federation in my business when I can't even trust my own staff not to write down their passwords and leave them stuck to their monitors or to even log off their workstations at night?
While the article I reference isn't exactly related to cloud computing it does highlight the fact that we still have a long way to go with respect to security. Here's another article that seems appropriate to the discussion: Why cloud security is only as strong as your weakest password (and what you can do about it)
